Dynamic malware detection based on enhanced semantic API sequence features

Chen, Zhiguo and Zhou, Lei and Liu, Qingcheng and Meng, Weizhi and Weng, Jian (2026) Dynamic malware detection based on enhanced semantic API sequence features. Expert Systems with Applications, 315: 131781. ISSN 0957-4174

ESWA-D-25-34249_R2.pdf - Accepted Version
Available under License Creative Commons Attribution.

Abstract

Dynamic malware detection aims to determine whether an executable program exhibits malicious behavior by analyzing its dynamic features. However, many current methods insufficiently explore the semantic features of API sequences and instead rely on mining the parameter information of API calls to improve detection performance. This leads to excessive dependence on prior knowledge, larger model parameter sizes, and higher computational complexity. To address this, the paper proposes a dynamic malware detection scheme based on enhanced semantic API sequence features that integrates the pre-trained RoBERTa model and a gating mechanism. The scheme relies solely on API call sequences, which can comprehensively capture the contextual semantic information implicitly embedded in the execution of an executable file. Meanwhile, dynamically adjusting the weights of the various modal features within the model enhances its sensitivity to different malware samples. By fusing multidimensional features, the approach captures both the semantic and the global characteristics of API sequences, enabling the model to adapt more flexibly to malware variants and thereby improving detection accuracy and robustness. Extensive experiments on four publicly available datasets demonstrate that the proposed method consistently achieves higher detection accuracy and strong generalization across different datasets and task types, including both binary and multi-class classification, thereby validating its effectiveness and practical applicability in dynamic malware detection.

Item Type:
Journal Article
Journal or Publication Title:
Expert Systems with Applications
Uncontrolled Keywords:
Research Output Funding/no_not_funded
Subjects:
no - not funded; artificial intelligence; engineering(all); computer science applications
ID Code:
236145
Deposited By:
Deposited On:
20 Mar 2026 11:40
Refereed?:
Yes
Published?:
Published
Last Modified:
20 Mar 2026 23:20