Hybrid Malware Detection and Classification in Real-Time by Deep Learning Techniques
With the growth of the Internet, especially in online banking, communication between people, the exchange of sensitive information, and the downloading of many programs and files, there is a need for a strong protection system against malicious software, which is increasing daily and becoming more dangerous and more complex.
In this study, two models for malware protection, which detect malware and classify the family it belongs to, are proposed and applied to our collected dataset of 30 classes using deep learning methods. The first model uses a Convolutional Neural Network (CNN) on malware images generated from the malware binaries, and the second model uses a Long Short-Term Memory (LSTM) network on API call sequences. The dynamic approach based on API call sequences is beneficial for detecting malware that hides itself using techniques such as metamorphic code.
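The two models take differently shaped inputs: the CNN consumes a grayscale image built from the raw bytes of the sample, and the LSTM consumes an integer-encoded API call sequence. The block below, added here as an example and not taken from the paper, shows the two preprocessing steps in plain Python. The width schedule (image width chosen from file size) is the one commonly used for byte-plot images; whether the paper used this schedule is not stated. The sample bytes and the API traces are constructed stand-ins for a PE file and a sandbox log.

```python
"""Preprocessing for the two pipelines described in the abstract (added example).

Model 1: bytes -> 8-bit grayscale image matrix for a CNN.
Model 2: API call trace -> fixed-length integer sequence for an LSTM.
"""
from typing import Dict, List, Sequence

# Assumed width schedule for byte-plot images: (upper size bound in bytes, width).
# Files at or above the last bound get DEFAULT_WIDTH.
WIDTH_SCHEDULE = [
    (10 * 1024, 32),
    (30 * 1024, 64),
    (60 * 1024, 128),
    (100 * 1024, 256),
    (200 * 1024, 384),
    (500 * 1024, 512),
    (1000 * 1024, 768),
]
DEFAULT_WIDTH = 1024


def image_width(size: int) -> int:
    """Pick the image width for a file of `size` bytes from the schedule."""
    for limit, width in WIDTH_SCHEDULE:
        if size < limit:
            return width
    return DEFAULT_WIDTH


def bytes_to_grayscale(data: bytes) -> List[List[int]]:
    """Map each byte to one pixel (0-255), filling rows left to right.

    The final row is zero-padded so every row has the same width; the result
    is a height x width matrix ready to be resized and fed to a CNN.
    """
    width = image_width(len(data))
    rows: List[List[int]] = []
    for offset in range(0, len(data), width):
        row = list(data[offset:offset + width])
        row.extend([0] * (width - len(row)))  # pad the last partial row
        rows.append(row)
    return rows


# Reserved token ids for the API sequence encoder.
PAD, UNK = 0, 1


def build_vocab(traces: Sequence[Sequence[str]]) -> Dict[str, int]:
    """Assign each distinct API name an id >= 2 in first-seen order."""
    vocab: Dict[str, int] = {}
    for trace in traces:
        for call in trace:
            if call not in vocab:
                vocab[call] = len(vocab) + 2
    return vocab


def encode_trace(trace: Sequence[str], vocab: Dict[str, int], max_len: int) -> List[int]:
    """Truncate or pad a trace to `max_len` ids; unseen calls become UNK.

    Unseen calls matter at test time: a sample from a known family may use an
    API that never appeared in training, and it must not crash the encoder.
    """
    ids = [vocab.get(call, UNK) for call in trace[:max_len]]
    ids.extend([PAD] * (max_len - len(ids)))
    return ids


if __name__ == "__main__":
    # Constructed stand-in for a small binary: 70 bytes -> width 32, 3 rows.
    sample_bytes = bytes(range(70))
    image = bytes_to_grayscale(sample_bytes)
    print(len(image), "rows of", len(image[0]), "pixels")

    # Constructed stand-in for sandbox API traces of two training samples.
    training_traces = [
        ["CreateFileW", "WriteFile", "CloseHandle"],
        ["CreateFileW", "RegSetValueExW"],
    ]
    vocab = build_vocab(training_traces)
    # A test-time trace containing an API not seen in training.
    print(encode_trace(["CreateFileW", "VirtualAlloc"], vocab, max_len=4))
```

In practice the grayscale matrix is resized to a fixed shape (for example 64x64 or 128x128) before training, since CNN inputs must share dimensions, and `max_len` for the LSTM is chosen from the trace-length distribution of the training set so that truncation discards little of the behaviour.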
After the two models were trained, they were tested on malware samples that belong to the same families but are not present in the collected dataset. These samples were detected and classified with high accuracy and in real time. The first model attained an accuracy of 98.23% and the second model 99.45%, demonstrating the superiority of our method.
Keywords - CNN, LSTM, Static analysis, Dynamic analysis, Hybrid analysis.