Intelligent malware detection based on graph convolutional network.

IF 2.5 3区计算机科学 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE Journal of Supercomputing Pub Date : 2022-01-01 Epub Date: 2021-08-24 DOI:10.1007/s11227-021-04020-y

Shanxi Li, Qingguo Zhou, Rui Zhou, Qingquan Lv

{"title":"Intelligent malware detection based on graph convolutional network.","authors":"Shanxi Li, Qingguo Zhou, Rui Zhou, Qingquan Lv","doi":"10.1007/s11227-021-04020-y","DOIUrl":null,"url":null,"abstract":"<p><p>Malware has seriously threatened the safety of computer systems for a long time. Due to the rapid development of anti-detection technology, traditional detection methods based on static analysis and dynamic analysis have limited effects. With its better predictive performance, AI-based malware detection has been increasingly used to deal with malware in recent years. However, due to the diversity of malware, it is difficult to extract feature from malware, which make malware detection not conductive to the application of AI technology. To solve the problem, a malware classifier based on graph convolutional network is designed to adapt to the difference of malware characteristics. The specific method is to firstly extract the API call sequence from the malware code and generate a directed cycle graph, then use the Markov chain and principal component analysis method to extract the feature map of the graph, and design a classifier based on graph convolutional network, and finally analyze and compare the performance of the method. The results show that the method has better performance in most detection, and the highest accuracy is <math><mrow><mn>98.32</mn> <mo>%</mo></mrow> </math> , compared with existing methods, our model is superior to other methods in terms of FPR and accuracy. It is also stable to deal with the development and growth of malware.</p>","PeriodicalId":50034,"journal":{"name":"Journal of Supercomputing","volume":"78 3","pages":"4182-4198"},"PeriodicalIF":2.5000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1007/s11227-021-04020-y","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Supercomputing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s11227-021-04020-y","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2021/8/24 0:00:00","PubModel":"Epub","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 2

Abstract

Malware has seriously threatened the safety of computer systems for a long time. Due to the rapid development of anti-detection technology, traditional detection methods based on static analysis and dynamic analysis have limited effects. With its better predictive performance, AI-based malware detection has been increasingly used to deal with malware in recent years. However, due to the diversity of malware, it is difficult to extract feature from malware, which make malware detection not conductive to the application of AI technology. To solve the problem, a malware classifier based on graph convolutional network is designed to adapt to the difference of malware characteristics. The specific method is to firstly extract the API call sequence from the malware code and generate a directed cycle graph, then use the Markov chain and principal component analysis method to extract the feature map of the graph, and design a classifier based on graph convolutional network, and finally analyze and compare the performance of the method. The results show that the method has better performance in most detection, and the highest accuracy is $98.32 %$ , compared with existing methods, our model is superior to other methods in terms of FPR and accuracy. It is also stable to deal with the development and growth of malware.

Abstract Image

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于图卷积网络的恶意软件智能检测。

长期以来，恶意软件严重威胁着计算机系统的安全。由于反检测技术的快速发展，传统的基于静态分析和动态分析的检测方法效果有限。近年来，基于人工智能的恶意软件检测由于具有较好的预测性能，越来越多地用于恶意软件的处理。然而，由于恶意软件的多样性，很难从恶意软件中提取特征，这使得恶意软件检测不利于人工智能技术的应用。为了解决这一问题，设计了一种基于图卷积网络的恶意软件分类器，以适应恶意软件特征的差异。具体方法是首先从恶意软件代码中提取API调用序列并生成有向循环图，然后利用马尔可夫链和主成分分析法提取图的特征映射，并设计基于图卷积网络的分类器，最后对方法的性能进行分析和比较。结果表明，该方法在大多数检测中具有较好的性能，最高准确率为98.32%，与现有方法相比，该模型在FPR和准确率方面均优于其他方法。它在处理恶意软件的发展和增长方面也很稳定。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Journal of Supercomputing 工程技术-工程：电子与电气

CiteScore

6.30

自引率

12.10%

发文量

734

审稿时长

13 months

期刊介绍： The Journal of Supercomputing publishes papers on the technology, architecture and systems, algorithms, languages and programs, performance measures and methods, and applications of all aspects of Supercomputing. Tutorial and survey papers are intended for workers and students in the fields associated with and employing advanced computer systems. The journal also publishes letters to the editor, especially in areas relating to policy, succinct statements of paradoxes, intuitively puzzling results, partial results and real needs. Published theoretical and practical papers are advanced, in-depth treatments describing new developments and new ideas. Each includes an introduction summarizing prior, directly pertinent work that is useful for the reader to understand, in order to appreciate the advances being described.