Research on Application of Attention-CNN in Malware Detection

Abstract

Read online

The attack of malware has become one of the most major threats to the Internet. What??s more, the existing malware data are huge and have multiple features. In order to extract the characteristics better and master the behaviors of malware, Attention-CNN malware detection model based on attention mechanism is proposed. Firstly, the Attention-CNN is constructed by combining convolutional neural network (CNN) and the attention mechanism. Secondly, the malwares are transformed into gray-scale images as the input of the detection model. The attention maps and detection results corresponding to the malware are obtained by training and testing the Attention-CNN model. Eventually, the important byte sequences extracted from the attention map are used for manual analysis to reveal the behaviors of malware. Experimental results show that, Attention-CNN can get better detection results than SVM (support vector machine), random forest, J48.trees and CNN without attention mechanism. Meanwhile, Attention-CNN improves the detection accuracy by 4.3 percentage points compared with vsNet. Moreover, the important byte sequences extracted from the attention map can effectively reduce the burden of manual analysis and obtain the relevant behaviors of malware, and make up for the non-interpretability of malware detection in the form of gray-scale image.

Keywords

• malware detection
• convolutional neural network (cnn)
• attention mechanism
• byte sequences
• manual analysis