In this paper, we propose a novel model for a malware classification system based on Application Programming Interface (API) calls and opcodes, with the aim of improving classification accuracy. The system uses a novel combined Convolutional Neural Network and Long Short-Term Memory (CNN-LSTM) design. We extract opcode sequences and API calls from Windows malware samples and transform these features into N-gram sequences (N = 2, 3, 8, and 10). Our experiments on a dataset of 9,749,57 samples reach an accuracy of 99.91% using the 8-gram sequences. The same feature representation also improves malware classification performance across a wide range of recent deep learning architectures, giving state-of-the-art results. In particular, we experiment with ConvNeXt-T, ConvNeXt-S, RegNetY-4GF, RegNetY-8GF, RegNetY-12GF, EfficientNetV2, Sequencer2D-L, Swin-T, ViT-G/14, ViT-Ti, ViT-S, ViT-B, ViT-L, and MaxViT-B. Among these, Swin-T and Sequencer2D-L achieve accuracies of 99.82% and 99.70%, respectively, comparable to our CNN-LSTM architecture but not surpassing it.
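The abstract describes turning opcode sequences and API calls into N-gram features (N = 2, 3, 8, 10) before feeding them to a CNN-LSTM. The following is an added illustration written for this page, not the paper's own pipeline: it builds tagged opcode and API N-grams, produces a fixed-width hashed count vector for each N, and shows the integer-sequence encoding a sequence model would consume. The opcode and API-call streams are constructed sample data, the hashing width of 2**16 and the `maxlen` padding value are assumptions, and the function names are the example's own. It also shows the edge case a practitioner hits immediately: a stream shorter than N (here, four API calls against N = 8 or 10) contributes no N-grams at all.

```python
import hashlib
from collections import Counter

# Constructed sample inputs (not real malware data): an opcode sequence as a
# disassembler would emit it, and the Win32 API calls logged for the same sample.
SAMPLE_OPCODES = ["push", "mov", "call", "test", "jz", "mov", "call", "xor", "ret"]
SAMPLE_APIS = ["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread", "CloseHandle"]

# N-gram orders used on this page; 8 is the one reported as best.
NGRAM_ORDERS = (2, 3, 8, 10)


def ngrams(tokens, n):
    """All contiguous n-token windows, in order. A stream shorter than n yields
    nothing, so a short API-call log contributes no 8- or 10-grams at all."""
    return [tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)]


def ngram_counts(tokens, n, stream):
    """Bag of n-grams tagged with the stream name, so an opcode gram and an API
    gram that happen to share tokens never collapse into one feature."""
    return Counter((stream,) + g for g in ngrams(tokens, n))


def stable_bucket(gram, dim):
    """Deterministic bucket for a gram. sha256 rather than hash(): Python salts
    str hashing per process, which would make features differ between runs."""
    key = "\x1f".join(gram).encode("utf-8")
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big") % dim


def hashed_vector(counts, dim):
    """Hashing trick: a fixed-width count vector regardless of vocabulary size."""
    vec = [0] * dim
    for gram, c in counts.items():
        vec[stable_bucket(gram, dim)] += c
    return vec


def build_vocab(streams_by_sample, n, stream):
    """Vocabulary over a corpus of samples: id 0 is padding, id 1 is unknown."""
    vocab = {}
    for tokens in streams_by_sample:
        for g in ngrams(tokens, n):
            vocab.setdefault((stream,) + g, len(vocab) + 2)
    return vocab


def encode_sequence(tokens, n, stream, vocab, maxlen):
    """Integer sequence for a sequence model (CNN-LSTM style): each n-gram maps
    to its vocab id (1 if unseen), then truncate or pad with 0 to maxlen."""
    ids = [vocab.get((stream,) + g, 1) for g in ngrams(tokens, n)]
    ids = ids[:maxlen]
    return ids + [0] * (maxlen - len(ids))


def featurize(opcodes, apis, orders=NGRAM_ORDERS, dim=2 ** 16):
    """One hashed count vector per n-gram order, opcode and API streams combined.
    dim=2**16 is an assumed hashing width, not a value taken from the paper."""
    return {
        n: hashed_vector(ngram_counts(opcodes, n, "op") + ngram_counts(apis, n, "api"), dim)
        for n in orders
    }


if __name__ == "__main__":
    feats = featurize(SAMPLE_OPCODES, SAMPLE_APIS)
    for n, vec in feats.items():
        print(f"{n}-gram: {sum(vec)} grams hashed into {len(vec)} buckets")
    vocab = build_vocab([SAMPLE_OPCODES], 2, "op")
    print(encode_sequence(SAMPLE_OPCODES, 2, "op", vocab, maxlen=12))
```

The count vectors are what a classifier over bag-of-N-grams would consume; `encode_sequence` is the form a CNN-LSTM needs, where order is preserved and every sample is padded to the same length. When choosing large N, check how many samples end up with empty feature sets, since the short API stream here is a typical case rather than an exception.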