NLP-Driven Malware Classification: A Jaccard Similarity Approach

Abstract

Malware classification is a critical task in cybersecu-rity, essential for identifying and mitigating threats. This paper presents an approach to malware classification using Natural Language Processing (NLP) techniques coupled with Jaccard similarity. We propose utilizing n-grams of API call sequences, comprising API names and their arguments, to represent the be- haviour of malware samples. By computing the Jaccard similarity between these n-grams, we can effectively capture the similarities and differences in malware behaviour. Our experiments reveal that different n-grams exhibit varying classification abilities, with some performing better for specific types of malware. Moreover, we observe that increasing the value of n in n-grams leads to improved evaluation metrics, indicating the effectiveness of our approach. Overall, our method offers a promising approach to malware classification, leveraging NLP and Jaccard similarity to enhance accuracy and effectiveness in identifying malware variants.