A malware detection method with function parameters encoding and function dependency modeling
As computers are widely used in people’s work and daily lives, malware has become an increasing threat to network security. Although researchers have introduced traditional machine learning and deep learning methods to conduct extensive research on functions in malware detection, these methods have...
| Main Authors: | Ronghao Hou, Dongjie Liu, Xiaobo Jin, Jian Weng, Guanggang Geng |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | PeerJ Inc. 2025-06-01 |
| Series: | PeerJ Computer Science |
| Subjects: | Malware detection; API sequence; Deep learning; Run-time parameter |
| Online Access: | https://peerj.com/articles/cs-2946.pdf |

| _version_ | 1849693980703326208 |
|---|---|
| author | Ronghao Hou, Dongjie Liu, Xiaobo Jin, Jian Weng, Guanggang Geng |
| author_facet | Ronghao Hou, Dongjie Liu, Xiaobo Jin, Jian Weng, Guanggang Geng |
| author_sort | Ronghao Hou |
| collection | DOAJ |
| description | As computers are widely used in people’s work and daily lives, malware has become an increasing threat to network security. Although researchers have introduced traditional machine learning and deep learning methods to conduct extensive research on functions in malware detection, these methods have largely ignored the analysis of function parameters and functional dependencies. To address these limitations, we propose a new malware detection method. Specifically, we first design a parameter encoder to convert various types of function parameters into feature vectors, and then discretize various parameter features through clustering methods to enhance the representation of API encoding. Additionally, we design a deep neural network to capture functional dependencies, enabling the generation of robust semantic representations of function sequences. Experiments on a large-scale malware detection dataset demonstrate that our method outperforms other techniques, achieving 98.62% accuracy and a 98.40% F1-score. Furthermore, the results of ablation experiments show the important role of function parameters and functional dependencies in malware detection. |
| format | Article |
| id | doaj-art-3fa589c77822484e94c5ca2a67235692 |
| institution | DOAJ |
| issn | 2376-5992 |
| language | English |
| publishDate | 2025-06-01 |
| publisher | PeerJ Inc. |
| record_format | Article |
| series | PeerJ Computer Science |
| spelling | doaj-art-3fa589c77822484e94c5ca2a67235692; 2025-08-20T03:20:14Z; eng; PeerJ Inc.; PeerJ Computer Science; 2376-5992; 2025-06-01; 11; e2946; 10.7717/peerj-cs.2946; A malware detection method with function parameters encoding and function dependency modeling; Ronghao Hou (0), Dongjie Liu (1), Xiaobo Jin (2), Jian Weng (3), Guanggang Geng (4); School for Cyberspace Security, Jinan University, Guangzhou, Guangdong, China; School for Cyberspace Security, Jinan University, Guangzhou, Guangdong, China; Department of Electrical and Electronic Engineering, Xi’an Jiaotong-Liverpool University, Suzhou, Jiangsu, China; School for Cyberspace Security, Jinan University, Guangzhou, Guangdong, China; School for Cyberspace Security, Jinan University, Guangzhou, Guangdong, China; As computers are widely used in people’s work and daily lives, malware has become an increasing threat to network security. Although researchers have introduced traditional machine learning and deep learning methods to conduct extensive research on functions in malware detection, these methods have largely ignored the analysis of function parameters and functional dependencies. To address these limitations, we propose a new malware detection method. Specifically, we first design a parameter encoder to convert various types of function parameters into feature vectors, and then discretize various parameter features through clustering methods to enhance the representation of API encoding. Additionally, we design a deep neural network to capture functional dependencies, enabling the generation of robust semantic representations of function sequences. Experiments on a large-scale malware detection dataset demonstrate that our method outperforms other techniques, achieving 98.62% accuracy and a 98.40% F1-score. Furthermore, the results of ablation experiments show the important role of function parameters and functional dependencies in malware detection.; https://peerj.com/articles/cs-2946.pdf; Malware detection; API sequence; Deep learning; Run-time parameter |
| title | A malware detection method with function parameters encoding and function dependency modeling |
| topic | Malware detection; API sequence; Deep learning; Run-time parameter |
| url | https://peerj.com/articles/cs-2946.pdf |