Article Preview
Top1. Introduction
Recently, malware, short for malware, has evolved significantly and has become a major threat to home users, businesses and even governments. Despite the wide use and availability of various anti-malware tools such as anti-virus, intrusion detection systems, firewalls, etc., malware authors can easily escape these precautions by using concealment techniques (Chumachenko, 2017).
With the rapid development of the Internet, malware has become one of the major cyber threats today. Any software that performs malicious actions, including stealing information, spying, etc. can be called malware. Kaspersky Labs (2017) defines malware as “a type of computer program designed to infect a legitimate user's computer and inflict damage in multiple ways.”
As the diversity of malware increases, antivirus scanners cannot meet protection needs, resulting in millions of hosts being attacked. According to malware statistics report, Symantec affirms that more than 357 million new malware variants were observed in 2016. (“Internet Security Threat Report,” 2017). Juniper Research (2016) predicts that the cost of data breaches will rise to $2.1 trillion globally by 2019.
In addition, there is a decrease in the level of skill required for malware development, due to the high availability of attack tools on the Internet today. The high availability of anti-detection techniques, as well as the ability to purchase malware on the black market, gives the possibility to become an attacker to anyone, regardless of skill level. Current studies show that more and more attacks are launched by script-kiddies or are automated (Aliyev, 2010).
Therefore, protecting computer systems against malware is one of the most important cybersecurity tasks for individual users and businesses, because even a single attack can compromise important data and cause sufficient losses. Frequent attacks and massive losses dictate the need for accurate and timely detection methods. Current static and dynamic methods do not allow accurate and effective detection, especially when it comes to zero-day attacks. For this reason, techniques and methods based on machine learning can be used (Chumachenko, 2017).
When classifying malicious code families, it is important to identify the unique characteristics of malicious codes, but it is also important to select the classification algorithms used as classifiers correctly. Recently, one of the most actively studied fields in the study of classification or recognition techniques is the deep neural network (DNN) related research called depth neural network which is made by increasing the number of hidden layers of neural networks. In particular, in the field of image and speech recognition, deep neural network-based models have shown excellent performance, and there are moves to use them in other areas as well. Malicious code analysis is one such area. Indeed, various malicious code classification models using deep neural networks have been proposed. There are many research studies that combine classification schemes using recurrent neural networks (NRNs) (Pascanu, Tour, Mikolov, & Tour, 2013) and conventional neural networks in the field of image recognition and processing, but just few in the field of malwares and intrusions detection and classification (Chen, 2015).
This paper aims to explore the problem of malware classification, and to propose a new approach combining Convolutional Neural Network (CNN) and Long Short-Term Memory Recurrent Neural Network (LSTM). The proposed model has been evaluated on the data provided by Microsoft for the BIG Cup 2015 (Big Data Innovators Gathering).
This paper presents the related work in the next section. The section 3 detailed description of the proposed methodology. Section 4 describes the experiments using the proposed model. Section 5 presents conclusions and future research directions.