Detection and classification of malware based on FastText

Nowadays, the Internet has penetrated into every corner of people's lives. It brings convenience to my life as well as certain risks. Millions of new types of malware appear every day, affecting thousands or even millions of home computer users. And attackers can use fully automated design and reuse malware, which makes the threshold for cybercrime lower and lower. Therefore, we urgently need a detection technology that can be applied to the current rapidly changing malware ecosystem. Based on the fact that the implementation of software functions must use Windows API functions, this paper proposes to dynamically extract the API call sequence patterns of different categories of malware, then used FastText as the classifier and word representation. The model is applied to two open malware datasets, and the experimental results show that the proposed method has high detection rate and low false alarm rate, which proves that it can effectively detect and classify malware.