Abstract In this paper, we propose an efficient Recurrent Neural Network (RNN) to detect malware. RNN is a classification of artificial neural networks connected between nodes to form a directed graph alongside with a temporal sequence. In this paper, we have conducted several experiments using different values of hyper parameters. From our rigorous experimentations, we found that the step size is a more important factor than the input size when using RNN for malware classification. To justify the proof-of-concept for RNN as an efficient approach for malware detection, we measured the performance of RNN with three different feature vectors using hyper parameters. The three feature vectors are “hot encoding feature vector”, “random feature vector” and “Word2Vec feature vector”. We also performed a pairwise t-test to test the results if they are significant with each other. Our results show that, RNN with Word2Vec feature vector achieved the highest Area Under the Curve (AUC) value and a good variance among three feature vectors. From the empirical analysis, we conclude that RNN with feature vectors pertained by the Skip-gram architecture of Word2Vec model is best for malware detection with high performance and stability.

中文翻译：

---

用于检测恶意软件的循环神经网络

摘要 在本文中，我们提出了一种高效的循环神经网络 (RNN) 来检测恶意软件。RNN 是一种在节点之间连接以形成有向图和时间序列的人工神经网络的分类。在本文中，我们使用不同的超参数值进行了多次实验。从我们严格的实验中，我们发现在使用 RNN 进行恶意软件分类时，步长是比输入大小更重要的因素。为了证明 RNN 的概念证明是一种有效的恶意软件检测方法，我们使用超参数通过三个不同的特征向量测量了 RNN 的性能。这三个特征向量分别是“热编码特征向量”、“随机特征向量”和“Word2Vec特征向量”。我们还进行了成对 t 检验以测试结果是否彼此显着。我们的结果表明，带有 Word2Vec 特征向量的 RNN 在三个特征向量中实现了最高的曲线下面积 (AUC) 值和良好的方差。从实证分析中，我们得出结论，具有 Word2Vec 模型的 Skip-gram 架构的特征向量的 RNN 最适合具有高性能和稳定性的恶意软件检测。