Since the number of malware is increasing rapidly, it continuously poses a risk to the field of network security. Attention mechanism has made great progress in the field of natural language processing. At the same time, there are many research studies based on malicious code API, which is also like semantic information. It is a worthy study to apply attention mechanism to API semantics. In this paper, we firstly study the characters of the API execution sequence and classify them into 17 categories. Secondly, we propose a novel feature extraction method based on API execution sequence according to its semantics and structure information. Thirdly, based on the API data characteristics and attention mechanism features, we construct a detection framework SLAM based on local attention mechanism and sliding window method. Experiments show that our model achieves a better performance, which is a higher accuracy of 0.9723.

中文翻译：

---

SLAM：一种基于滑动局部注意机制的恶意软件检测方法

由于恶意软件的数量正在迅速增加，因此不断对网络安全领域构成风险。注意机制在自然语言处理领域取得了长足的进步。同时，基于恶意代码API的研究也很多，这也像语义信息一样。将注意机制应用于API语义是一项值得研究的研究。在本文中，我们首先研究API执行序列的特征并将其分为17类。其次，根据语义和结构信息，提出了一种基于API执行序列的特征提取方法。第三，基于API数据特征和注意机制特征，基于局部注意机制和滑动窗口方法构造了检测框架SLAM。