An Ensemble technique for imbalanced multiclass malware classification by leveraging API call semantics


Research area: Safety



Venue: Discover Computing


Abstract

The continuous evolution of malicious programs (malware families) poses a significant threat to the security of computing environments. Machine learning and deep learning methods are increasingly used to classify samples into malware families. However, multiclass malware classification over imbalanced, complex Application Programming Interface (API) call sequences remains an open research challenge. This article proposes a data preprocessing technique called Continuous Duplicate Subsequence Removal (CDSR) to remove obfuscated API calls from dynamic API call sequences and to address the horizontal imbalance problem in the dataset. Machine learning and deep learning models were trained using Skip-gram API embeddings as a feature weight matrix to improve classification capability. The proposed Ensemble Probability for Class Prediction (EPCP) technique is a novel method that ensembles the classification probabilities of several deep learning and machine learning models to obtain better classification results. Comparing the experimental findings of EPCP with the best-known results on two benchmark dynamic API sequence datasets, MAL-API-2019 and APIMDS, reveals a notable performance improvement. For MAL-API-2019, the average score, accuracy, and AUC are 67%, 68%, and 91%, while for APIMDS they are 91%, 80%, and 97%, respectively.
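The two pipeline steps the abstract names, CDSR preprocessing and EPCP ensembling, as an added illustration that is not code from the paper or its authors. The abstract does not spell out either rule, so this example assumes CDSR means collapsing any immediately repeated subsequence of API calls into a single occurrence, and assumes EPCP means averaging the per-class probability vectors of several models and taking the argmax; the API call names, sequences and model outputs are constructed for the example.

```python
"""Added example (editor's illustration, not code from the paper).

Assumptions, stated because the abstract does not define the rules:
 1. CDSR is read as collapsing any immediately repeated subsequence of API
    calls ("read,read,read" or "open,read,open,read") into one occurrence.
 2. EPCP is read as averaging the per-class probability vectors of several
    models and predicting the argmax; the paper may weight models differently.
All API call sequences and model outputs below are constructed.
"""
from statistics import mean, pstdev
from typing import Dict, List, Sequence


def cdsr(calls: Sequence[str], max_len: int = 8) -> List[str]:
    """Continuous Duplicate Subsequence Removal (assumed semantics).

    Scans left to right; whenever the window calls[i:i+L] is immediately
    followed by an identical window, the second copy is deleted and the same
    position is re-examined, so a loop body repeated N times survives exactly
    once. The outer loop repeats until nothing collapses, so nested repeats
    (an inner loop inside an outer loop) are reduced as well.
    """
    seq = list(calls)
    changed = True
    while changed:
        changed = False
        i = 0
        while i < len(seq):
            longest = min(max_len, (len(seq) - i) // 2)
            for length in range(1, longest + 1):
                if seq[i:i + length] == seq[i + length:i + 2 * length]:
                    del seq[i + length:i + 2 * length]
                    changed = True
                    break
            else:
                i += 1
    return seq


def length_spread(sequences: Sequence[Sequence[str]]) -> Dict[str, float]:
    """Horizontal-imbalance proxy: mean and std. dev. of sequence lengths."""
    lengths = [len(s) for s in sequences]
    return {"mean": mean(lengths), "std": pstdev(lengths)}


def epcp(model_probs: Sequence[Sequence[float]], classes: Sequence[str]) -> str:
    """Ensemble Probability for Class Prediction (assumed semantics):
    average each class's probability across models, predict the argmax."""
    n_models = len(model_probs)
    avg = [sum(p[c] for p in model_probs) / n_models for c in range(len(classes))]
    return classes[max(range(len(classes)), key=avg.__getitem__)]


# Constructed sample: a sandbox trace padded by a loop that repeats a two-call
# body and a run of identical calls, next to the same sample without padding.
PADDED = (["NtOpenFile"] + ["NtReadFile", "NtQueryInformationFile"] * 5
          + ["NtClose"] * 3 + ["LdrLoadDll"])
PLAIN = ["NtOpenFile", "NtReadFile", "NtQueryInformationFile", "NtClose", "LdrLoadDll"]

CLASSES = ["Trojan", "Worm", "Backdoor"]
# Constructed per-model class probabilities for one sample.
MODEL_OUTPUTS = [
    [0.55, 0.40, 0.05],   # e.g. a CNN that leans Trojan
    [0.30, 0.60, 0.10],   # e.g. a random forest that leans Worm
    [0.45, 0.50, 0.05],   # e.g. an LSTM that leans Worm
]

if __name__ == "__main__":
    print(cdsr(PADDED))                      # the padded trace collapses to PLAIN
    print(length_spread([PADDED, PLAIN]))    # lengths 15 and 5 before CDSR
    print(length_spread([cdsr(PADDED), cdsr(PLAIN)]))  # both length 5 after
    print(epcp(MODEL_OUTPUTS, CLASSES))      # averaged probabilities favour Worm
```

Collapsing repeats is what makes the two traces comparable: the padded trace and the plain one become identical, so the length spread across the dataset shrinks, which is the horizontal-imbalance effect the abstract attributes to CDSR. The ensemble step shows why probability averaging differs from majority voting of hard labels: a model that is confidently wrong contributes its uncertainty, not just a vote.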


Authors

Sudhanshu Shekhar Bisoyi, Department of Computer Science and Information Technology, ITER, Siksha 'O' Anusandhan (Deemed to be) University, Bhubaneswar 751019, Odisha, India

Binayak Panda, Department of Computer Science and Engineering, ITER, Siksha 'O' Anusandhan (Deemed to be) University, Bhubaneswar 751019, Odisha, India

Bichitrananda Patra, Department of Computer Application, ITER, Siksha 'O' Anusandhan (Deemed to be) University, Bhubaneswar 751019, Odisha, India

Paper information

Publication year: 2025
Citations: 0
Publication countries: Andorra, Belgium
Site: Springer