ASSCA: API sequence and statistics features combined architecture for malware detection
Published in: | Computer networks (Amsterdam, Netherlands : 1999), 2019-07, Vol.157, p.99-111 |
---|---|
Main authors: | , , , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Summary: | In this paper, a new deep learning and machine learning combined model is proposed for malware behavior analysis. One part of it analyzes the dependency relation in API (Application Programming Interface) call sequence at the functional level, and extracts features for random forest to learn and classify. The other part employs a bidirectional residual neural network to study the API sequence and discover malware with redundant information preprocessing. In the API call sequence, future information is much more important for conjecturing the semantic of the current API call. We conducted experiments on a malware dataset. The experiment results show that both methods can effectively detect malware. However, the combined framework has better classification performance. The classification accuracy of the combined malware detection architecture is 0.967. |
---|---|
ISSN: | 1389-1286 1872-7069 |
DOI: | 10.1016/j.comnet.2019.04.007 |