Research on Malicious Software Detection Based on CNN-LSTM Hybrid Model
Article 2023 English
Authors
Xiaoxia Qi
Md Gapar Md Johar
Ali Khatibi
Abstract
Malicious applications have proliferated rapidly, requiring a more effective approach than traditional methods for auditing and matching code. The behavior of malicious software provides valuable information, and the API call sequence, which represents the order in which operations are generated by both malicious and benign software in a sandbox environment, has become a crucial data source. In this paper, we propose a hybrid model that combines a convolutional neural network (CNN) and a long short-term memory network (LSTM) to detect and classify malware. We train the model and perform classification using a large dataset of API sequences called by both malicious and non-malicious software. Compared to traditional machine learning methods, our model eliminates the need for manual extraction of specific instruction calls from assembly code. Furthermore, compared to other deep learning models, the hybrid model with LSTM shows significantly improved detection performance. Specifically, the CNN-LSTM model achieves a 24% and 22% increase in accuracy and at least a 16% and 14% higher F1 score compared to other models. These results demonstrate the effectiveness of our proposed model in enhancing malware detection capabilities.