Prompt Engineering-assisted Malware Dynamic Analysis Using GPT-4
CoRR(2023)
摘要
Dynamic analysis methods effectively identify shelled, wrapped, or obfuscated
malware, thereby preventing them from invading computers. As a significant
representation of dynamic malware behavior, the API (Application Programming
Interface) sequence, comprised of consecutive API calls, has progressively
become the dominant feature of dynamic analysis methods. Though there have been
numerous deep learning models for malware detection based on API sequences, the
quality of API call representations produced by those models is limited. These
models cannot generate representations for unknown API calls, which weakens
both the detection performance and the generalization. Further, the concept
drift phenomenon of API calls is prominent. To tackle these issues, we
introduce a prompt engineering-assisted malware dynamic analysis using GPT-4.
In this method, GPT-4 is employed to create explanatory text for each API call
within the API sequence. Afterward, the pre-trained language model BERT is used
to obtain the representation of the text, from which we derive the
representation of the API sequence. Theoretically, this proposed method is
capable of generating representations for all API calls, excluding the
necessity for dataset training during the generation process. Utilizing the
representation, a CNN-based detection model is designed to extract the feature.
We adopt five benchmark datasets to validate the performance of the proposed
model. The experimental results reveal that the proposed detection algorithm
performs better than the state-of-the-art method (TextCNN). Specifically, in
cross-database experiments and few-shot learning experiments, the proposed
model achieves excellent detection performance and almost a 100% recall rate
for malware, verifying its superior generalization performance. The code is
available at: github.com/yan-scnu/Prompted_Dynamic_Detection.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要