Malware Detection Model with Skip-Connected LSTM RNN

Jangseong Bae, Changki Lee, Suno Choi, Jonghyun Kim

http://doi.org/10.5626/JOK.2018.45.12.1233

A program can be viewed as a sequence of consecutive Opcodes in which malware is a malicious program. In this paper, we assume that the program is a sequence of Opcodes with semantic information and detect the malware using the Long Short-Term Memory Recurrent Neural Network (LSTM RNN), which is a deep learning model suitable for sequence data modeling. For various experiments, the Opcode sequence is divided into a uni-gram sequence and a tri-gram sequence and used as the input features of the various deep learning models. Several deep learning models use the input Opcodes sequence to determine whether the program is a normal file or malware. We also show that the proposed Skip-Connected LSTM RNN model is superior to the LSTM encoder and the Convolutional Neural Network(CNN) model for malware detection. Experimental results show that the Skip-Connected LSTM RNN model has better performance than the LSTM encoder and CNN model in the Opcode sequence tri-gram data.