Mutation Dwarf Mongoose Optimization (Mdmo) Based Feature Engineering And Peephole Long Short-Term Memory (Plstm) Model For Malware Family Classification With Api Call Analysis

Abstract

Recently, there has been a notable surge in the development of malware. A serious security concern for both consumers and enterprises is malware development. The constant attempts by security research to prevent malware attacks are constantly prevented by malware developers. The best option for characterising malware behaviour is the Application Programming Interface (API). Achieving high classification accuracy (ACC) while concurrently resolving the problem of high-dimensional feature sets is the key obstacle when creating API call features for classification algorithms, particularly in fields like malware detection (MD). A new feature selection (FS) and classification model based on the Windows (MDS) malware detection system's API call sequence is presented in this research.Mutation (DMO) Dwarf Mongoose Optimization (MDMO) feature selection is introduced for selecting optimal features from API calls. The restricted way of prey capture (feeding) and foraging behaviour of the dwarf mongoose (DM) are mimicked by MDMO. In order to compensate for the effective feature selection from the API calls dataset, MDMO has significantly changed the social behaviour of the mongooses. To choose the best traits for malware classification, MDMO uses the dwarf mongoose's social groups such as the scout group, alpha group, and babysitters. To acquire integrated embedding from heterogeneous static and dynamic data, the MDMO technique is suggested. The PLSTM classifier is introduced for the purpose of determining hidden trends that many malware API calls generate. With the exception of the calculations for the peephole connections that the cell needs in order to control the gates, PLSTM works similarly to those of standard LSTM.The suggested approach is evaluated with the Windows MD Dataset on Kaggle.  For simulation, the following performance metrics can be used: accuracy (ACC), precision (P), recall (R), and F1-score. From the outcomes, it is clear that the PLSTM can effectively boost the performance when compared to other methods using those metrics.