Malware Detection and Next-Action Prediction using Learning-Based Methods

Jamadi, Zahrasadat (2023) Malware Detection and Next-Action Prediction using Learning-Based Methods. Masters thesis, Concordia University.

Text (application/pdf)
Jamadi_MA_S2024.pdf - Accepted Version
Available under License Spectrum Terms of Access.
426kB

Abstract

In this thesis, we introduce a comprehensive framework that combines natural language processing
(NLP) techniques and machine learning (ML) algorithms for the early detection and prediction
of malware activities. The core contribution of our research is the innovative application of
text classification methods, particularly Bi-LSTM neural networks and Bayesian neural networks
(BNN), to interpret application programming interface (API) call sequences as natural language
inputs. This novel approach enables us to predict upcoming malware actions, facilitating proactive
threat identification and mitigation. Our first framework employs a Bi-LSTM model to predict
the next API call, treating consecutive API calls as 2-gram and 3-gram strings. These are then
processed using a Bagging-XGBoost algorithm, enhancing the model’s ability to detect malware
presence in its early stages. The second framework advances this concept by utilizing a Bayesian
Bi-LSTM neural network. This model not only forecasts the future actions of running malware
but also quantifies the uncertainty associated with each prediction, providing a probabilistic insight
into potential malware actions. By providing the second and third most probable predictions, we
significantly improve the reliability and performance of the decision-making process. Both frameworks
are rigorously evaluated through simulations, demonstrating their effectiveness in malware
detection and action prediction. Integrating these two approaches within a single thesis represents
a significant step in applying NLP principles to cybersecurity, particularly in understanding and
countering malware threats more effectively and efficiently.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Electrical and Computer Engineering
Item Type: Thesis (Masters)
Authors: Jamadi, Zahrasadat
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Electrical and Computer Engineering
Date: 11 December 2023
Thesis Supervisor(s): Aghdam, Amir
ID Code: 993384
Deposited By: ZahraSadat Jamadi
Deposited On: 05 Jun 2024 15:19
Last Modified: 05 Jun 2024 15:19
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
