ASSCA: API based Sequence and Statistics features Combined malware detection Architecture

Abstract Dynamic analysis of malware sample is an important method in the malware detection. In this paper, a malware detection architecture is proposed that combines machine learning and deep learning. The combination classification architecture focuses on the dynamic behavior of a malware sample. A new feature extraction method is proposed for dynamic behavior analysis. In this paper, recurrent neural network model is used to extracts the abstract features. Several sequence data preprocessing methods are studied to remove the redundant data. Experiments show that the AUC of the combination architecture is 99.3%. The classification performance of the combination architecture is better than the separate machine learning or deep learning.