Dynamic Malware Detection Using LSTM Based GANs and Linux System Calls

Jeffrey C. Rombough; Larbi Esmahi

doi:10.1007/978-3-031-94956-2_6

Dynamic Malware Detection Using LSTM Based GANs and Linux System Calls

Jeffrey C. Rombough, Larbi Esmahi

School of Computing and Information systems

Athabasca University

Research output: Chapter in Book/Report/Conference proceeding › Published Conference contribution › peer-review

Abstract

Malware developers have learned how to confuse researchers who are trying to reverse engineer their methods in static analysis. Dynamic analysis monitors the computer’s behaviour during malware execution and has an advantage over static analysis as it is less susceptible to malware’s attempts of method obfuscation. With the widespread use of Linux-based Internet of Things (IoT) devices, attacks on Linux-based assets have significantly increased. Linux uses system calls to allow a user’s program to interface with the operating system’s resources. These system calls can be analyzed in a dynamic fashion to determine if malware is affecting the operating system’s behaviour. In this paper, the combination of two AI technologies, Generative Adversarial Network (GAN) and Long-Short-Term-Memory (LSTM) network are used for detecting malware in Linux systems. The experimental findings of this research show promising results for using such technology in malware detection.

Original language	English
Title of host publication	Computational Science and Computational Intelligence - 11th International Conference, CSCI 2024, Proceedings
Editors	Hamid R. Arabnia, Leonidas Deligiannidis, Farzan Shenavarmasouleh, Soheyla Amirian, Farid Ghareh Mohammadi
Pages	77-90
Number of pages	14
DOIs	https://doi.org/10.1007/978-3-031-94956-2_6
Publication status	Published - 2025
Event	11th International Conference on Computational Science and Computational Intelligence, CSCI 2024 - Las Vegas, United States Duration: 11 Dec. 2024 → 13 Dec. 2024

Publication series

Name	Communications in Computer and Information Science
Volume	2510 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	11th International Conference on Computational Science and Computational Intelligence, CSCI 2024
Country/Territory	United States
City	Las Vegas
Period	11/12/24 → 13/12/24

Keywords

Generative Adversarial Network
Linux system calls
LSTM
Machine learning
Malware detection

Access to Document

10.1007/978-3-031-94956-2_6

Cite this

Rombough, J. C., & Esmahi, L. (2025). Dynamic Malware Detection Using LSTM Based GANs and Linux System Calls. In H. R. Arabnia, L. Deligiannidis, F. Shenavarmasouleh, S. Amirian, & F. Ghareh Mohammadi (Eds.), Computational Science and Computational Intelligence - 11th International Conference, CSCI 2024, Proceedings (pp. 77-90). (Communications in Computer and Information Science; Vol. 2510 CCIS). https://doi.org/10.1007/978-3-031-94956-2_6

Rombough, Jeffrey C. ; Esmahi, Larbi. / Dynamic Malware Detection Using LSTM Based GANs and Linux System Calls. Computational Science and Computational Intelligence - 11th International Conference, CSCI 2024, Proceedings. editor / Hamid R. Arabnia ; Leonidas Deligiannidis ; Farzan Shenavarmasouleh ; Soheyla Amirian ; Farid Ghareh Mohammadi. 2025. pp. 77-90 (Communications in Computer and Information Science).

@inproceedings{c288e5b0e880407bb1e636ea7bae77ff,

title = "Dynamic Malware Detection Using LSTM Based GANs and Linux System Calls",

abstract = "Malware developers have learned how to confuse researchers who are trying to reverse engineer their methods in static analysis. Dynamic analysis monitors the computer{\textquoteright}s behaviour during malware execution and has an advantage over static analysis as it is less susceptible to malware{\textquoteright}s attempts of method obfuscation. With the widespread use of Linux-based Internet of Things (IoT) devices, attacks on Linux-based assets have significantly increased. Linux uses system calls to allow a user{\textquoteright}s program to interface with the operating system{\textquoteright}s resources. These system calls can be analyzed in a dynamic fashion to determine if malware is affecting the operating system{\textquoteright}s behaviour. In this paper, the combination of two AI technologies, Generative Adversarial Network (GAN) and Long-Short-Term-Memory (LSTM) network are used for detecting malware in Linux systems. The experimental findings of this research show promising results for using such technology in malware detection.",

keywords = "Generative Adversarial Network, Linux system calls, LSTM, Machine learning, Malware detection",

author = "Rombough, \{Jeffrey C.\} and Larbi Esmahi",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; 11th International Conference on Computational Science and Computational Intelligence, CSCI 2024 ; Conference date: 11-12-2024 Through 13-12-2024",

year = "2025",

doi = "10.1007/978-3-031-94956-2\_6",

language = "English",

isbn = "9783031949555",

series = "Communications in Computer and Information Science",

pages = "77--90",

editor = "Arabnia, \{Hamid R.\} and Leonidas Deligiannidis and Farzan Shenavarmasouleh and Soheyla Amirian and \{Ghareh Mohammadi\}, Farid",

booktitle = "Computational Science and Computational Intelligence - 11th International Conference, CSCI 2024, Proceedings",

}

Rombough, JC & Esmahi, L 2025, Dynamic Malware Detection Using LSTM Based GANs and Linux System Calls. in HR Arabnia, L Deligiannidis, F Shenavarmasouleh, S Amirian & F Ghareh Mohammadi (eds), Computational Science and Computational Intelligence - 11th International Conference, CSCI 2024, Proceedings. Communications in Computer and Information Science, vol. 2510 CCIS, pp. 77-90, 11th International Conference on Computational Science and Computational Intelligence, CSCI 2024, Las Vegas, United States, 11/12/24. https://doi.org/10.1007/978-3-031-94956-2_6

Dynamic Malware Detection Using LSTM Based GANs and Linux System Calls. / Rombough, Jeffrey C.; Esmahi, Larbi.
Computational Science and Computational Intelligence - 11th International Conference, CSCI 2024, Proceedings. ed. / Hamid R. Arabnia; Leonidas Deligiannidis; Farzan Shenavarmasouleh; Soheyla Amirian; Farid Ghareh Mohammadi. 2025. p. 77-90 (Communications in Computer and Information Science; Vol. 2510 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Published Conference contribution › peer-review

TY - GEN

T1 - Dynamic Malware Detection Using LSTM Based GANs and Linux System Calls

AU - Rombough, Jeffrey C.

AU - Esmahi, Larbi

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025

Y1 - 2025

N2 - Malware developers have learned how to confuse researchers who are trying to reverse engineer their methods in static analysis. Dynamic analysis monitors the computer’s behaviour during malware execution and has an advantage over static analysis as it is less susceptible to malware’s attempts of method obfuscation. With the widespread use of Linux-based Internet of Things (IoT) devices, attacks on Linux-based assets have significantly increased. Linux uses system calls to allow a user’s program to interface with the operating system’s resources. These system calls can be analyzed in a dynamic fashion to determine if malware is affecting the operating system’s behaviour. In this paper, the combination of two AI technologies, Generative Adversarial Network (GAN) and Long-Short-Term-Memory (LSTM) network are used for detecting malware in Linux systems. The experimental findings of this research show promising results for using such technology in malware detection.

AB - Malware developers have learned how to confuse researchers who are trying to reverse engineer their methods in static analysis. Dynamic analysis monitors the computer’s behaviour during malware execution and has an advantage over static analysis as it is less susceptible to malware’s attempts of method obfuscation. With the widespread use of Linux-based Internet of Things (IoT) devices, attacks on Linux-based assets have significantly increased. Linux uses system calls to allow a user’s program to interface with the operating system’s resources. These system calls can be analyzed in a dynamic fashion to determine if malware is affecting the operating system’s behaviour. In this paper, the combination of two AI technologies, Generative Adversarial Network (GAN) and Long-Short-Term-Memory (LSTM) network are used for detecting malware in Linux systems. The experimental findings of this research show promising results for using such technology in malware detection.

KW - Generative Adversarial Network

KW - Linux system calls

KW - LSTM

KW - Machine learning

KW - Malware detection

UR - https://www.scopus.com/pages/publications/105014511104

U2 - 10.1007/978-3-031-94956-2_6

DO - 10.1007/978-3-031-94956-2_6

M3 - Published Conference contribution

AN - SCOPUS:105014511104

SN - 9783031949555

T3 - Communications in Computer and Information Science

SP - 77

EP - 90

BT - Computational Science and Computational Intelligence - 11th International Conference, CSCI 2024, Proceedings

A2 - Arabnia, Hamid R.

A2 - Deligiannidis, Leonidas

A2 - Shenavarmasouleh, Farzan

A2 - Amirian, Soheyla

A2 - Ghareh Mohammadi, Farid

T2 - 11th International Conference on Computational Science and Computational Intelligence, CSCI 2024

Y2 - 11 December 2024 through 13 December 2024

ER -

Rombough JC, Esmahi L. Dynamic Malware Detection Using LSTM Based GANs and Linux System Calls. In Arabnia HR, Deligiannidis L, Shenavarmasouleh F, Amirian S, Ghareh Mohammadi F, editors, Computational Science and Computational Intelligence - 11th International Conference, CSCI 2024, Proceedings. 2025. p. 77-90. (Communications in Computer and Information Science). doi: 10.1007/978-3-031-94956-2_6

Dynamic Malware Detection Using LSTM Based GANs and Linux System Calls

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this