The popularity of Windows attracts the attention of hackers and cyber-attackers, making Windows devices the primary target of malware attacks in recent years. Sophisticated malware variants and anti-detection methods have been significantly enhanced, and as a result traditional malware detection techniques have become less effective. This work presents MalBehavD-V1, a new behavioural dataset of Windows Application Programming Interface (API) calls extracted from benign and malware executable files using the dynamic analysis approach. In addition, we present MalDetConv, a new automated behaviour-based framework for detecting both existing and zero-day malware attacks. MalDetConv uses a text processing-based encoder to transform features of API calls into a format supported by deep learning models. It then uses a hybrid of a convolutional neural network and a bidirectional gated recurrent unit (CNN-BiGRU) as an automatic feature extractor to select high-level features of the API calls, which are then fed to a fully connected neural network module for malware classification. MalDetConv also includes an explainable component that reveals the features that contributed to the final classification outcome, supporting the decision-making process of security analysts. The performance of the proposed framework is evaluated on our MalBehavD-V1 dataset and on other benchmark datasets. The detection results demonstrate the effectiveness of MalDetConv over state-of-the-art techniques, with detection accuracies of 96.10%, 95.73%, 98.18%, and 99.93% achieved while detecting unseen malware from the MalBehavD-V1, Allan and John, Brazilian, and Ki-D datasets, respectively. The experimental results show that MalDetConv is highly accurate in detecting both known and zero-day malware attacks on Windows devices.
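The text processing-based encoder step described above, as an added example that is not the paper's or the MalBehavD-V1 project's own code: it builds a vocabulary from dynamic API-call traces, integer-encodes each trace with reserved padding and unknown indices (so API calls never seen in training, as in a zero-day sample, still map to a valid input), and pads or truncates to the fixed length a CNN-BiGRU input layer expects. The traces and labels are constructed sample values, not entries from the dataset.

```python
from collections import Counter

# Reserved indices: 0 for padding, 1 for any API call absent from the vocabulary.
PAD, UNK = 0, 1

# Constructed sample traces (one API name per token, in execution order) with
# a label of 0 for benign and 1 for malware. Not taken from MalBehavD-V1.
TRAIN_TRACES = [
    (["NtCreateFile", "NtWriteFile", "NtClose"], 0),
    (["InternetOpenA", "InternetOpenUrlA", "NtWriteFile", "RegSetValueExW", "ShellExecuteA"], 1),
    (["RegOpenKeyExW", "RegQueryValueExW", "NtClose"], 0),
]


def build_vocab(traces, min_freq=1):
    """Map each API name seen at least min_freq times to an index >= 2.

    Sorting by name makes the assignment deterministic, so the same vocabulary
    can be rebuilt at inference time from the saved training traces.
    """
    counts = Counter(api for calls, _ in traces for api in calls)
    vocab = {}
    for api, n in sorted(counts.items()):
        if n >= min_freq:
            vocab[api] = len(vocab) + 2
    return vocab


def encode(calls, vocab, max_len):
    """Integer-encode one trace, mapping unseen APIs to UNK, then pad/truncate."""
    ids = [vocab.get(api, UNK) for api in calls][:max_len]
    return ids + [PAD] * (max_len - len(ids))


def encode_dataset(traces, vocab, max_len):
    """Return (X, y): fixed-length encoded traces and their labels."""
    X = [encode(calls, vocab, max_len) for calls, _ in traces]
    y = [label for _, label in traces]
    return X, y


def embedding_size(vocab):
    """Number of distinct input symbols, including PAD and UNK."""
    return len(vocab) + 2
```

An embedding layer sized by `embedding_size(vocab)` can consume the rows of `X` directly; dropping rare calls via `min_freq` shrinks that layer at the cost of more UNK tokens.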