Title: Deep learning models for multi-class malware classification using Windows exe API calls

Authors: Kakelli Anil Kumar; Kaustubh Kumar; Nag Lohith Chiluka

Addresses: School of Computer Science and Engineering (SCOPE), Vellore Institute of Technology, Vellore, Tamil Nadu, 632014, India ' School of Computer Science and Engineering (SCOPE), Vellore Institute of Technology, Vellore, Tamil Nadu, 632014, India ' School of Computer Science and Engineering (SCOPE), Vellore Institute of Technology, Vellore, Tamil Nadu, 632014, India

Abstract: Metamorphic malware is new and among the most advanced malware recently discovered. It can bypass anti-virus software and is much harder to detect when present in a computer system or network. This research paper aims to develop a better classification method for metamorphic malware using the latest malware API calls dataset. The multi-class malware classification method used in this study is the gated recurrent unit (GRU). Another, non-conventional multi-class malware classification method used is a convolutional neural network with long short-term memory (CNN + LSTM). The multi-classification results obtained by GRU are 55% with a 0.56 F1-score, and those obtained by CNN + LSTM are 60% with a 0.61 F1-score, which is quite good. Moreover, the performance of the proposed deep learning models is compared against different classifiers and existing models to show their effectiveness in categorising malware.

Keywords: metamorphic malware; gated recurrent unit; GRU; CNN + LSTM; deep learning models; malware classification; Windows exe API calls; SVM; random forest; XGBoost; decision tree.

DOI: 10.1504/IJCCBS.2022.121356

International Journal of Critical Computer-Based Systems, 2022 Vol.10 No.3, pp.185 - 201

Received: 18 Nov 2020
Accepted: 30 Apr 2021

Published online: 07 Mar 2022