Malware detection and classification using embedded convolutional neural network and long short-term memory technique

Theophilus Aniemeka Enem, Olalekan J. Awujoola
Science World Journal, published 2023-10-20 (journal article). DOI: 10.4314/swj.v18i2.6, https://doi.org/10.4314/swj.v18i2.6
Citation count: 0

Abstract

The significant growth in the use of the Internet and the rapid development of network technologies are associated with an increased risk of network attacks. As the use of encryption protocols increases, so does the challenge of identifying encrypted malware traffic. Malware is a threat to people in the cyber world, as it steals personal information and harms computer systems. Network attacks refer to all types of unauthorized access to a network, including any attempt to damage or disrupt the network, and they often lead to serious consequences. Researchers, developers and information security specialists around the globe therefore continuously work on strategies for detecting malware. Recently, deep learning has been successfully applied to network security assessments and intrusion detection systems (IDSs) with various breakthroughs, such as using Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) to classify malicious traffic. However, given the diverse nature of malware, it is difficult to extract features from it. Existing solutions therefore require more computing resources, since the available resources are not efficient for datasets with large numbers of samples; likewise, adopting existing feature extractors designed for image features consumes more resources. This paper addresses these problems by combining a 1D convolutional neural network (CNN) and long short-term memory (LSTM) to detect and classify malicious encrypted traffic. The work was conducted on the Malware Analysis Benchmark Datasets with API Call Sequences, which contains 42,797 malware and 1,079 goodware API call sequences. The experimental results show that the proposed system achieved 99.2% accuracy and outperformed all other state-of-the-art models.