A novel DL approach to PE malware detection: exploring Glove vectorization, MCC_RCNN and feature fusion

TL;DR

This paper introduces a deep learning framework for PE malware detection that combines Glove-based vectorization, MCC_RCNN architecture, and feature fusion, achieving higher accuracy than existing methods.

Contribution

It presents a novel malware detection approach using Glove embeddings, MCC_RCNN architecture, and feature fusion, advancing static analysis techniques.

Findings

Higher prediction accuracy than baseline methods

Effective Glove-based vectorization of malware features

Improved static behavior classification

Abstract

In recent years, malware becomes more threatening. Concerning the increasing malware variants, there comes Machine Learning (ML)-based and Deep Learning (DL)-based approaches for heuristic detection. Nevertheless, the prediction accuracy of both needs to be improved. In response to the above issues in the PE malware domain, we propose the DL-based approaches for detection and use static-based features fed up into models. The contributions are as follows: we recapitulate existing malware detection methods. That is, we propose a vec-torized representation model of the malware instruction layer and semantic layer based on Glove. We implement a neural network model called MCC_RCNN (Malware Detection and Recurrent Convolutional Neural Network), comprising of the combination with CNN and RNN. Moreover, we provide a description of feature fusion in static behavior levels. With the numerical results generated from several comparative experiments towards evaluating the Glove-based vectoriza-tion, MCC_RCNN-based classification methodology and feature fusion stages, our proposed classification methods can obtain a higher prediction accuracy than the other baseline methods.