Research Article
An API Semantics-Aware Malware Detection Method Based on Deep Learning
Algorithm 1
Classifying an unknown sample.
| Input: , (the length of sample), N (the length of the window), M (threshold for voting), C (a set of all trained model for classification) | | Output: (store all API slices to be cut) | | (1) | function SplitWindow (, , N) | | (2) | initial place in the beginning of the sample | | (3) | repeat | | (4) | split the sample with the solid window | | (5) | move the window with a step 1 | | (6) | until move to the end of sample | | (7) | move all API slices into | | (8) | Remove duplicates | | (9) | return | | (10) | end function | | (11) | | | Input: (generated by Call SplitWindow ()), M (threshold for voting), C (a set of all trained model for classification) | | Output: (normal or malicious) | | (12) | functionDECISION MAKING (, m, C) | | (13) | for each do | | (14) | for each do | | (15) | | | (16) | if then | | (17) | s is belong to normal slice | | (18) | else | | (19) | s is belong to malicious slice | | (20) | end if | | (21) | record the result for s | | (22) | end for | | (23) | end for | | (24) | | | (25) | | | (26) | if then | | (27) | return malicious | | (28) | else | | (29) | return normal | | (30) | |
|
