Cryptocurrency malware hunting: A deep Recurrent Neural Network approach

In recent years, cryptocurrency trades have increased dramatically, and this trend has attracted cyber-threat actors to exploit the existing vulnerabilities and infect their targets. The malicious actors use cryptocurrency malware to perform complex computational tasks using infected devices. Since cryptocurrency malware threats perform a legal process, it is a challenging task to detect this type of threat by a manual or heuristic method. In this paper, we propose a novel deep Recurrent Neural Network (RNN) learning model for hunting cryptocurrency malware threats. Specifically, our proposed model utilizes the RNN to analyze Windows applications' operation codes (Opcodes) as a case study. We collect a real-world dataset that comprises of 500 cryptocurrency malware and 200 benign-ware samples, respectively. The proposed model trains with five different Long Short-Term Memory (LSTM) structures and is evaluated by a 10-fold cross-validation (CV) technique. The obtained results prove that a 3-layer configuration model gains 98% of detection accuracy, which is the highest rate among other current configurations. We also applied traditional machine learning (ML) classifiers to show the applicability of deep learners (LSTM) versus traditional models in dealing with cryptocurrency malware. (C) 2020 Elsevier B.V. All rights reserved.