Tagging Malware Intentions by Using Attention-Based Sequence-to-Sequence Neural Network

  • Conference paper
Information Security and Privacy (ACISP 2019)

Abstract

Malware detection has noticeably increased in the computer security community. However, little is known about a malware’s intentions. In this study, we propose a novel idea: adopting a sequence-to-sequence (seq2seq) neural network architecture to analyze a sequence of Windows API invocation calls recorded from malware at runtime, and generating tags to describe its malicious behavior. To the best of our knowledge, this is the first research effort that incorporates a malware’s intentions in malware analysis and in the security domain. It is important to note that we design three embedding modules for transforming the Windows API’s parameter values (registry, file name and URL) into low-dimensional vectors that preserve the semantics. Also, we apply the attention mechanism [10] to capture the relationship between a tag and certain API invocation calls when predicting tags. This will help security analysts understand malicious intentions through easy-to-understand descriptions. Results demonstrated that the seq2seq model could mostly find possible malicious actions.

Notes

  1. https://www.virustotal.com.

  2. https://owl.nchc.org.tw.

References

  1. Athiwaratkun, B., Stokes, J.W.: Malware classification with LSTM and GRU language models and a character-level CNN. In: 2017 IEEE International Conference on Acoustics, Speech and Signal Processing, pp. 2482–2486. IEEE, New Orleans (2017)

  2. Chiu, W.J.: Automated malware family signature generation based on runtime API call sequence. Master thesis. National Taiwan University, Taiwan (2018)

  3. Dahl, G.E., Stokes, J.W., Deng, L., Yu, D.: Large-scale malware classification using random projections and neural networks. In: Acoustics, Speech and Signal Processing, pp. 3422–3426. IEEE, Vancouver (2013)

  4. Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. 44(2), 6 (2012)

  5. Gandotra, E., Bansal, D., Sofat, S.: Malware analysis and classification: a survey. J. Inf. Secur. 5, 56–64 (2014)

  6. Glorot, X., Bengio, Y.: Understanding the difficulty of training deep feedforward neural networks. In: Thirteenth International Conference on Artificial Intelligence and Statistics, pp. 249–256 (2010)

  7. Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)

  8. Hsiao, S.W., Sun, Y.S., Chen, M.C.: Virtual machine introspection based malware behavior profiling and family grouping. arXiv preprint arXiv:1705.01697 (2017)

  9. Huang, W., Stokes, J.W.: MtNet: a multi-task neural network for dynamic malware classification. In: Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 399–418. Springer, Cham (2016)

  10. Luong, M.T., Pham, H., Manning, C.D.: Effective approaches to attention-based neural machine translation. In: Proceedings of Conference on Empirical Methods in Natural Language Processing, pp. 1412–1421. Lisbon, Portugal (2015)

  11. Zhou, B., Khosla, A., Lapedriza, A., Oliva, A., Torralba, A.: Learning deep features for discriminative localization. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2921–2929 (2016)

Acknowledgements

This work was supported by MOST107-2221-E-004-003-MY2.

Corresponding author

Correspondence to Yi-Ting Huang.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Huang, YT., Chen, YY., Yang, CC., Sun, Y., Hsiao, SW., Chen, M.C. (2019). Tagging Malware Intentions by Using Attention-Based Sequence-to-Sequence Neural Network. In: Jang-Jaccard, J., Guo, F. (eds) Information Security and Privacy. ACISP 2019. Lecture Notes in Computer Science, vol 11547. Springer, Cham. https://doi.org/10.1007/978-3-030-21548-4_38

  • DOI: https://doi.org/10.1007/978-3-030-21548-4_38

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-21547-7

  • Online ISBN: 978-3-030-21548-4

  • eBook Packages: Computer Science, Computer Science (R0)
