Malware Classification Possibility based on Sequence Information

Tae-Uk Yun, Chan-Soo Park, Tae-Gyu Hwang, Sung Kwon Kim

http://doi.org/10.5626/JOK.2017.44.11.1125

LSTM(Long Short-term Memory) is a kind of RNN(Recurrent Neural Network) in which a next-state is updated by remembering the previous states. The information of calling a sequence in a malware can be defined as system call function that is called at each time. In this paper, we use calling sequences of system calls in malware codes as input for malware classification to utilize the feature remembering previous states via LSTM. We run an experiment to show that our method can classify malware and measure accuracy by changing the length of system call sequences.