A Novel Malware Detection Model in the Software Supply Chain Based on LSTM and SVMs

With the increasingly severe challenge of Software Supply Chain (SSC) security, the rising trend in guarding against security risks has attracted widespread attention. Existing techniques still face challenges in both accuracy and efficiency when detecting malware in SSC. To meet this challenge, this paper introduces two novel models, named the Bayesian Optimization-based Support Vector Machine (BO-SVM) and the Long Short-Term Memory-BO-SVM (LSTM-BO-SVM). The BO-SVM model is constructed on an SVM foundation, with its hyperparameters optimized by Bayesian Optimization. To further enhance its accuracy and efficiency, the LSTM-BO-SVM model is proposed, building upon BO-SVM and employing LSTM networks for pre-classification. Extensive experiments were conducted on two datasets: the balanced ClaMP dataset and the unbalanced CICMalDroid-2020 dataset. The experimental results indicate that the BO-SVM model is superior to other models in terms of accuracy; the accuracy of the LSTM-BO-SVM model on the two datasets is 98.2% and 98.6%, respectively, which is 2.9% and 2.2% higher than that of the BO-SVM on these two datasets.