A Malware Classification Method based on Attentive Bidirectional Model

Deep learning techniques have achieved significant improvements in malware analysis application, such as malware detection, malware classification and vulnerability mining. Convolutional neural network (CNN) is applied to extract local features of samples, while recurrent neural network (RNN) mainly extracts global features from sequence context. However, the pooling layer in CNN is a nonlinear dimensionality reduction operation, which can cause a loss of correlation feature. The raw RNN or LSTM model cannot perform parallel computing when calculating the feature vectors, limiting the effect of model application. Hence, we propose a novel malware classification model named BGSA (Bidirectional GRU with Self- Attention), which applies bi-direction gated recurrent unit (BiGRU) and self-attention mechanism. To demonstrate that the model can improve the feature extraction capability, a series of comparison experiments have been conducted on the VxHeavon dataset. The results show that the classification of BGSA reaches 92.54% in term of precision, which surpass the performance of method based on LSTM+CNN and BiGRU.