Research Article
An API Semantics-Aware Malware Detection Method Based on Deep Learning
Algorithm 1
Classifying an unknown sample.
Input: , (the length of sample), N (the length of the window), M (threshold for voting), C (a set of all trained models for classification)
Output: (store all API slices to be cut)
(1) function SplitWindow (, , N)
(2)     initial position at the beginning of the sample
(3)     repeat
(4)         split the sample with the solid window
(5)         move the window with a step 1
(6)     until move to the end of sample
(7)     move all API slices into
(8)     Remove duplicates
(9)     return
(10) end function
(11)
Input: (generated by Call SplitWindow ()), M (threshold for voting), C (a set of all trained models for classification)
Output: (normal or malicious)
(12) function DECISION MAKING (, m, C)
(13)     for each do
(14)         for each do
(15)
(16)             if then
(17)                 s belongs to normal slice
(18)             else
(19)                 s belongs to malicious slice
(20)             end if
(21)             record the result for s
(22)         end for
(23)     end for
(24)
(25)
(26)     if then
(27)         return malicious
(28)     else
(29)         return normal
(30)
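A runnable sketch of the two functions in Algorithm 1, added here as an illustration and not taken from the article. The conditions at steps (16) and (26) are missing from the text, so the voting rule is an assumption: a slice is malicious when more than half of the models flag it, and the sample is malicious when the share of malicious slices exceeds M. The model functions and API traces are hypothetical, constructed stand-ins.

```python
from collections import Counter

def split_window(api_calls, n):
    """Steps (1)-(10): slide a window of length n with step 1, then
    remove duplicate slices (order of first appearance is kept)."""
    if n <= 0:
        raise ValueError("window length must be positive")
    if len(api_calls) < n:
        # Assumption: a sample shorter than the window yields one short
        # slice, so short traces are still scored instead of skipped.
        return [tuple(api_calls)] if api_calls else []
    slices = (tuple(api_calls[i:i + n]) for i in range(len(api_calls) - n + 1))
    return list(dict.fromkeys(slices))

def decide(slices, models, m):
    """Steps (12)-(30) under the assumed voting rule described above."""
    tally = Counter()
    for s in slices:
        votes = sum(1 for model in models if model(s))
        label = "malicious" if votes * 2 > len(models) else "normal"
        tally[label] += 1          # record the result for s
    if slices and tally["malicious"] / len(slices) > m:
        return "malicious", tally
    return "normal", tally

# Hypothetical stand-ins for the trained models in C.
# Each returns True when it considers the slice malicious.
def model_injection(s):
    return "WriteProcessMemory" in s and "CreateRemoteThread" in s

def model_alloc(s):
    return "VirtualAllocEx" in s and "WriteProcessMemory" in s

def model_persist(s):
    return "RegSetValueExA" in s

MODELS = [model_injection, model_alloc, model_persist]

# Constructed API traces (not from the article's data set).
SUSPICIOUS = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
              "CreateRemoteThread", "CloseHandle"]
BENIGN = ["CreateFileW", "ReadFile", "CloseHandle",
          "CreateFileW", "ReadFile", "CloseHandle"]

def classify(api_calls, n=3, m=0.25):
    return decide(split_window(api_calls, n), MODELS, m)

if __name__ == "__main__":
    for name, trace in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, classify(trace))
```

Because duplicates are removed before voting, a trace padded with repeated benign slices cannot dilute the malicious share under this assumed rule.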