Static Malware Detection Using Stacked BiLSTM and GPT-2

In recent years, cyber threats and malicious software attacks have been escalated on various platforms. Therefore, it has become essential to develop automated machine learning methods for defending against malware. the present study, we propose stacked bidirectional long short-term memory (Stacked BiLSTM) generative pre-trained transformer based (GPT-2) deep language models detecting code. We developed using assembly instructions extracted from .text sections of benign Portable Executable (PE) files. treated each instruction as a sentence section document. also labeled document or malicious, according file source. created three datasets those sentences documents. The first dataset, composed documents, was fed into Document Level Analysis Model (DLAM) Stacked BiLSTM. second sentences, used in Sentence Models (SLAMs) BiLSTM DistilBERT, GPT-2 Domain Specific Language (GPT2- DSLM), General (GPT2-GLM). Lastly, merged all without labels creating third dataset; then custom model with it. compared malware detection performances. results showed that improved GPT2-DSLM GPT2-GLM performance. experiments DLAM, SLAM GPT2-DSLM, achieved 98.3%, 70.4%, 86.0%, 76.2% F1 scores, respectively.