IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v16y2024i10p369-d1497719.html

Malware Detection Based on API Call Sequence Analysis: A Gated Recurrent Unit–Generative Adversarial Network Model Approach

Author

Listed:
  • Nsikak Owoh

    (Department of Cyber Security and Networks, Glasgow Caledonian University, Glasgow G4 0BA, UK)

  • John Adejoh

    (Department of Software Engineering, African University of Science and Technology, Abuja 900107, Nigeria)

  • Salaheddin Hosseinzadeh

    (Department of Cyber Security and Networks, Glasgow Caledonian University, Glasgow G4 0BA, UK)

  • Moses Ashawa

    (Department of Cyber Security and Networks, Glasgow Caledonian University, Glasgow G4 0BA, UK)

  • Jude Osamor

    (School of Computer Science and Engineering, University of Westminster, 309 Regent Street, London W1B 2HW, UK)

  • Ayyaz Qureshi

    (Department of Cyber Security and Networks, Glasgow Caledonian University, Glasgow G4 0BA, UK)

Abstract

Malware remains a major threat to computer systems, with a vast number of new samples being identified and documented regularly. Windows systems are particularly vulnerable to malicious programs like viruses, worms, and trojans. Dynamic analysis, which involves observing malware behavior during execution in a controlled environment, has emerged as a powerful technique for detection. This approach often focuses on analyzing Application Programming Interface (API) calls, which represent the interactions between the malware and the operating system. Recent advances in deep learning have shown promise in improving malware detection accuracy using API call sequence data. However, the potential of Generative Adversarial Networks (GANs) for this purpose remains largely unexplored. This paper proposes a novel hybrid deep learning model combining Gated Recurrent Units (GRUs) and GANs to enhance malware detection based on API call sequences from Windows portable executable files. We evaluate our GRU–GAN model against other approaches like Bidirectional Long Short-Term Memory (BiLSTM) and Bidirectional Gated Recurrent Unit (BiGRU) on multiple datasets. Results demonstrated the superior performance of our hybrid model, achieving 98.9% accuracy on the most challenging dataset. It outperformed existing models in resource utilization, with faster training and testing times and low memory usage.

Suggested Citation

  • Nsikak Owoh & John Adejoh & Salaheddin Hosseinzadeh & Moses Ashawa & Jude Osamor & Ayyaz Qureshi, 2024. "Malware Detection Based on API Call Sequence Analysis: A Gated Recurrent Unit–Generative Adversarial Network Model Approach," Future Internet, MDPI, vol. 16(10), pages 1-29, October.
  • Handle: RePEc:gam:jftint:v:16:y:2024:i:10:p:369-:d:1497719

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/16/10/369/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/16/10/369/
    Download Restriction: no


    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.