Signature and anomaly based techniques are the quintessential approaches to malware detection. However, these techniques have become increasingly ineffective as malware has become more sophisticated and complex. Researchers have therefore turned to deep learning to construct better performing model. In this paper, we create four different long-short term memory (LSTM) based models and train each to classify malware samples from 20 families. Our features consist of opcodes extracted from malware executables. We employ techniques used in natural language processing (NLP), including word embedding and bidirection LSTMs (biLSTM), and we also use convolutional neural networks (CNN). We find that a model consisting of word embedding, biLSTMs, and CNN layers performs best in our malware classification experiments.

中文翻译：

---

使用长短期记忆模型的恶意软件分类

基于签名和异常的技术是恶意软件检测的典型方法。但是，随着恶意软件变得越来越复杂和复杂，这些技术变得越来越无效。因此，研究人员已转向深度学习来构建性能更好的模型。在本文中，我们创建了四个不同的基于长期短期记忆（LSTM）的模型，并对每个模型进行了训练以对20个家族的恶意软件样本进行分类。我们的功能包括从恶意软件可执行文件中提取的操作码。我们采用自然语言处理（NLP）中使用的技术，包括单词嵌入和双向LSTM（biLSTM），还使用卷积神经网络（CNN）。我们发现，由词嵌入，biLSTM和CNN层组成的模型在我们的恶意软件分类实验中表现最佳。