Convolutional Long Short-Term Memory for fileless malware detection
In the realm of cybersecurity, the rise of fileless malware presents a significant challenge to endpoint security. Traditional malware detection methods often fall short against these sophisticated attacks, necessitating the use of advanced techniques such as deep learning models. This study addr...
| Main Author: | Kareegalan, Kunaprasan |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: | 2024 |
| Subjects: | Malware (Computer programs); Computer security; Artificial intelligence (Computer science) |
| Online Access: | http://psasir.upm.edu.my/id/eprint/119873/ http://psasir.upm.edu.my/id/eprint/119873/1/119873.pdf |
| Field | Value |
|---|---|
| _version_ | 1848868073216409600 |
| author | Kareegalan, Kunaprasan |
| author_facet | Kareegalan, Kunaprasan |
| author_sort | Kareegalan, Kunaprasan |
| building | UPM Institutional Repository |
| collection | Online Access |
| description | In the realm of cybersecurity, the rise of fileless malware presents a significant challenge to endpoint security. Traditional malware detection methods often fall short against these sophisticated attacks, necessitating the use of advanced techniques such as deep learning models. This study addresses the limitations of Bi-Directional Long Short-Term Memory (BLSTM) models in dynamic malware analysis and proposes enhancements through the Convolutional Long Short-Term Memory (ConvLSTM) architecture. BLSTM models are commonly used in dynamic malware analysis, where they process input sequences in both forward and backward directions, combining the results into a single output. This dual-layer approach enhances the model's ability to analyze data from multiple perspectives. However, the process is time-consuming, potentially increasing the window for successful fileless malware attacks. A key limitation of BLSTM models is the lack of parameter sharing between the forward and backward directions. This absence of shared parameters can restrict the model's ability to capture spatial and temporal features simultaneously, potentially reducing its effectiveness in detecting fileless malware attacks. To address these challenges, this study introduces the ConvLSTM model, which optimizes malware analysis by consolidating feature extraction within a single LSTM cell layer. ConvLSTM employs a two-dimensional approach, breaking down samples into subsequences and leveraging timesteps for additional feature extraction. This strategy enables the analysis of spatial-temporal data, enhancing the prediction accuracy of true malware instances. Unlike traditional LSTM models, ConvLSTM integrates convolutional layers within its architecture, allowing for parameter sharing across both spatial and temporal dimensions. This approach reduces computational complexity and improves the model's performance in understanding multidimensional data structures. The research involved re-simulating existing work with the BLSTM model using the same malware dataset. The Spyder app was used to run the event simulator, and the results from previous work were replaced with those from the ConvLSTM model, applying the same parameters. Time, accuracy, and loss were selected as the primary performance metrics to assess the model's effectiveness. The ConvLSTM model demonstrated superior performance in detecting fileless malware, achieving a detection accuracy of 98% compared to BLSTM's 90%. ConvLSTM also significantly reduced processing time, averaging 10 seconds per completion, while BLSTM took 22 seconds. Furthermore, ConvLSTM experienced lower losses, averaging 10% per epoch compared to BLSTM's 20%. In conclusion, ConvLSTM represents a promising advancement in fileless malware detection, offering superior performance over traditional BLSTM models. Its ability to accurately identify and swiftly mitigate threats, coupled with enhanced computational efficiency, makes it a robust solution for fortifying endpoint security against evolving cyber threats. As the cybersecurity landscape continues to evolve, ConvLSTM holds significant potential in bolstering defense mechanisms against sophisticated malware attacks, providing a proactive approach to safeguarding enterprise networks and data assets. |
| first_indexed | 2025-11-15T14:46:35Z |
| format | Thesis |
| id | upm-119873 |
| institution | Universiti Putra Malaysia |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-15T14:46:35Z |
| publishDate | 2024 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | upm-119873 2025-10-09T04:19:02Z http://psasir.upm.edu.my/id/eprint/119873/ Convolutional Long Short-Term Memory for fileless malware detection Kareegalan, Kunaprasan 2024-04 Thesis NonPeerReviewed text en http://psasir.upm.edu.my/id/eprint/119873/1/119873.pdf Kareegalan, Kunaprasan (2024) Convolutional Long Short-Term Memory for fileless malware detection. Masters thesis, Universiti Putra Malaysia. http://ethesis.upm.edu.my/id/eprint/18482 Malware (Computer programs) Computer security Artificial intelligence (Computer science) |
| spellingShingle | Malware (Computer programs) Computer security Artificial intelligence (Computer science) Kareegalan, Kunaprasan Convolutional Long Short-Term Memory for fileless malware detection |
| title | Convolutional Long Short-Term Memory for fileless malware detection |
| title_full | Convolutional Long Short-Term Memory for fileless malware detection |
| title_fullStr | Convolutional Long Short-Term Memory for fileless malware detection |
| title_full_unstemmed | Convolutional Long Short-Term Memory for fileless malware detection |
| title_short | Convolutional Long Short-Term Memory for fileless malware detection |
| title_sort | convolutional long short-term memory for fileless malware detection |
| topic | Malware (Computer programs) Computer security Artificial intelligence (Computer science) |
| url | http://psasir.upm.edu.my/id/eprint/119873/ http://psasir.upm.edu.my/id/eprint/119873/1/119873.pdf |
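The abstract describes feeding dynamic-analysis sequences to a BLSTM as one long timeline, versus splitting each sample into subsequences laid out as a two-dimensional grid for a ConvLSTM whose convolutional gates share one kernel across every grid position. The following is an added example, not code from the thesis or its dataset: it encodes constructed API-call traces into both input layouts, gives the standard Keras-style parameter-count formulas for LSTM and ConvLSTM2D layers, and runs one ConvLSTM cell forward in plain NumPy with random, untrained weights. The trace contents, the 64-call window, the 4 x (4 x 4) grid and the filter count are all assumptions chosen for illustration; it does not reproduce the thesis's accuracy or timing results.

```python
"""Added example (not the thesis's code): shaping an API-call trace for a
ConvLSTM versus a (Bi)LSTM, plus one ConvLSTM cell step in plain NumPy.
Traces, window size, grid shape and weights are constructed here."""
import numpy as np

# Constructed API-call traces standing in for a sandbox/ETW trace (assumed data).
TRACES = {
    "benign_reader": ["NtOpenFile", "NtQueryInformationFile", "NtReadFile", "NtClose"],
    "fileless_injector": ["CreateProcessW", "VirtualAllocEx", "WriteProcessMemory",
                          "CreateRemoteThread", "NtClose"],
}
SEQ_LEN, N_SUB, ROWS, COLS = 64, 4, 4, 4  # 64 calls -> 4 subsequences of 4x4 (assumed)


def build_vocab(traces):
    """Map each API name to an integer id; 0 is reserved for padding."""
    names = sorted({call for trace in traces.values() for call in trace})
    return {"<PAD>": 0, **{name: i + 1 for i, name in enumerate(names)}}


def encode(trace, vocab, length):
    """Integer-encode a trace, truncating or zero-padding to `length`."""
    ids = [vocab[call] for call in trace][:length]
    return np.array(ids + [0] * (length - len(ids)), dtype=np.int64)


def to_lstm_input(traces, vocab, length=SEQ_LEN):
    """(samples, timesteps, features): one scalar feature per call, scaled to [0, 1)."""
    ids = np.stack([encode(t, vocab, length) for t in traces.values()])
    return ids[..., None].astype(float) / len(vocab)


def to_convlstm_input(traces, vocab, length=SEQ_LEN, n_sub=N_SUB, rows=ROWS, cols=COLS):
    """(samples, subsequences, rows, cols, channels): each subsequence of rows*cols
    calls becomes a 2-D grid that the convolution kernel slides over per timestep."""
    assert n_sub * rows * cols == length, "subsequence grid must tile the trace"
    return to_lstm_input(traces, vocab, length).reshape(-1, n_sub, rows, cols, 1)


def lstm_params(input_dim, units, bidirectional=False):
    """Trainable parameters of a Keras-style LSTM layer (doubled for bidirectional)."""
    n = 4 * units * (input_dim + units + 1)
    return 2 * n if bidirectional else n


def convlstm2d_params(in_channels, filters, kernel=(3, 3)):
    """Trainable parameters of a Keras-style ConvLSTM2D layer. The kernel is shared
    across every grid position, so the count does not depend on rows or cols."""
    kh, kw = kernel
    return 4 * filters * (kh * kw * (in_channels + filters) + 1)


def make_convlstm_weights(in_channels, filters, kernel=(3, 3), seed=0):
    """Random, untrained ConvLSTM weights: input kernel, recurrent kernel, bias."""
    rng = np.random.default_rng(seed)
    kh, kw = kernel
    wx = rng.normal(0.0, 0.1, (kh, kw, in_channels, 4 * filters))
    wh = rng.normal(0.0, 0.1, (kh, kw, filters, 4 * filters))
    return wx, wh, np.zeros(4 * filters)


def n_params(weights):
    return sum(w.size for w in weights)


def conv2d_same(x, w):
    """Zero-padded 'same' cross-correlation for odd kernels.
    x: (rows, cols, cin), w: (kh, kw, cin, cout) -> (rows, cols, cout)."""
    rows, cols, _ = x.shape
    kh, kw, _, cout = w.shape
    ph, pw = kh // 2, kw // 2
    xp = np.pad(x, ((ph, ph), (pw, pw), (0, 0)))
    out = np.zeros((rows, cols, cout))
    for i in range(kh):
        for j in range(kw):
            out += np.tensordot(xp[i:i + rows, j:j + cols, :], w[i, j], axes=([2], [0]))
    return out


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


def convlstm_step(x_t, h, c, wx, wh, b):
    """One ConvLSTM cell update: standard LSTM gating, but every matrix product is
    a convolution, so each gate sees a spatial neighbourhood of the grid."""
    gates = conv2d_same(x_t, wx) + conv2d_same(h, wh) + b
    i, f, g, o = np.split(gates, 4, axis=-1)
    c_new = sigmoid(f) * c + sigmoid(i) * np.tanh(g)
    h_new = sigmoid(o) * np.tanh(c_new)
    return h_new, c_new


def run_convlstm(sample, weights):
    """Run the cell over one (subsequences, rows, cols, channels) sample and return
    the final hidden state (rows, cols, filters) that a classifier head would consume."""
    wx, wh, b = weights
    _, rows, cols, _ = sample.shape
    h = np.zeros((rows, cols, wh.shape[2]))
    c = np.zeros_like(h)
    for x_t in sample:  # one subsequence grid per timestep
        h, c = convlstm_step(x_t, h, c, wx, wh, b)
    return h


if __name__ == "__main__":
    vocab = build_vocab(TRACES)
    x_conv = to_convlstm_input(TRACES, vocab)
    print("BLSTM input", to_lstm_input(TRACES, vocab).shape, "ConvLSTM input", x_conv.shape)
    w = make_convlstm_weights(1, 8)
    print("ConvLSTM params", n_params(w), "formula", convlstm2d_params(1, 8))
    print("BLSTM params (64 units)", lstm_params(1, 64, bidirectional=True))
    print("final ConvLSTM state", run_convlstm(x_conv[1], w).shape)
```

The point to take from the two layouts is the extra axis: the BLSTM consumes `(samples, 64, 1)` and its parameter count grows with the per-step feature dimension, while the ConvLSTM consumes `(samples, 4, 4, 4, 1)` and reuses the same 3x3 kernel at every grid position, so `convlstm2d_params` takes no grid size at all. The weights here are random, so the returned hidden state is only a shape check; training the cell and the classifier head on top of it is outside this example.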