Malware Detection and Classification Using fastText and BERT

Publisher

IEEE

Access Rights

info:eu-repo/semantics/closedAccess

Abstract

Among the types of cyber-attacks, malware, which causes high financial losses for institutions and individuals, is the biggest threat to computer systems. The kinds of malware increase day by day, and new types are released that can easily infect our computers through injection vectors such as e-mail, websites, and the web applications that we use constantly. It is very important to detect them automatically and protect our computer systems against malware threats. Analysis methods are available to protect our computer systems against malware threats. Dynamic analysis is highly effective in obtaining behavioral information about the software on the computer system and can obtain the API call sequence information of the malware. However, the API call sequence can be too long and difficult to understand. This paper proposes subjecting the API call sequence to a purification and optimization process. This behavior information is used for the automatic classification task and then used for classification and word representation tasks using the fastText and BERT algorithms. The method was applied to three different open data sets to assess its success. The fastText model performed better than the BERT model in classification and detection tasks.

Description

9th International Symposium on Digital Forensics and Security (ISDFS) -- JUN 28-29, 2021 -- Firat Univ, Elazig, TURKEY

Keywords

Malware, Dynamic Analysis, Natural Language Processing, fastText, BERT

Source

9th International Symposium on Digital Forensics and Security (Isdfs'21)
