MalDMTP:基于图分类的多层汇集恶意软件检测方法

Liang Kou, Cheng Qiu, Meiyu Wang, Hua Liu, Yan Du, Jilin Zhang
{"title":"MalDMTP:基于图分类的多层汇集恶意软件检测方法","authors":"Liang Kou, Cheng Qiu, Meiyu Wang, Hua Liu, Yan Du, Jilin Zhang","doi":"10.1007/s11036-024-02318-8","DOIUrl":null,"url":null,"abstract":"<p>With the development and adoption of cloud platforms in various fields, malware attacks have become a serious threat to the Internet cloud ecosystem. However, the pooling process of existing graph classification techniques for malware variant detection uses only a serial and single strategy, resulting in localized malicious behaviors of malware that may be overlooked. In this paper, we propose MalDMTP, a malware detection framework based on multilevel graph classification learning, which implements the graph pooling process for malware classification in parallel and performs graph instance-based discrimination. In particular, MalDMTP first constructs an API call graph based on results obtained from dynamic execution of malware. Then it combines multiple graph neural network learning strategies through multi-level pooling to learn the global importance of nodes in the pooled graph and extract node representations from multiple perspectives for heterogeneous graphs. After that, MalDMTP is aggregated into graph representations by the graph-level pooling function GMT based on a multi-head attention mechanism, which goes through a classifier in order to obtain malware prediction labels. Experimental results show that the proposed MalDMTP can achieve 96.53% accuracy on the Alibaba cloud malware dataset, which improves 1.9% 7.6% over the previous single-graph pooling methods on the graph classification task of malware detection.</p>","PeriodicalId":501103,"journal":{"name":"Mobile Networks and Applications","volume":"41 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"MalDMTP: A Multi-tier Pooling Method for Malware Detection based on Graph Classification\",\"authors\":\"Liang Kou, Cheng Qiu, Meiyu Wang, Hua Liu, Yan Du, Jilin Zhang\",\"doi\":\"10.1007/s11036-024-02318-8\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>With the development and adoption of cloud platforms in various fields, malware attacks have become a serious threat to the Internet cloud ecosystem. However, the pooling process of existing graph classification techniques for malware variant detection uses only a serial and single strategy, resulting in localized malicious behaviors of malware that may be overlooked. In this paper, we propose MalDMTP, a malware detection framework based on multilevel graph classification learning, which implements the graph pooling process for malware classification in parallel and performs graph instance-based discrimination. In particular, MalDMTP first constructs an API call graph based on results obtained from dynamic execution of malware. Then it combines multiple graph neural network learning strategies through multi-level pooling to learn the global importance of nodes in the pooled graph and extract node representations from multiple perspectives for heterogeneous graphs. After that, MalDMTP is aggregated into graph representations by the graph-level pooling function GMT based on a multi-head attention mechanism, which goes through a classifier in order to obtain malware prediction labels. Experimental results show that the proposed MalDMTP can achieve 96.53% accuracy on the Alibaba cloud malware dataset, which improves 1.9% 7.6% over the previous single-graph pooling methods on the graph classification task of malware detection.</p>\",\"PeriodicalId\":501103,\"journal\":{\"name\":\"Mobile Networks and Applications\",\"volume\":\"41 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-04-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Mobile Networks and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1007/s11036-024-02318-8\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Mobile Networks and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/s11036-024-02318-8","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

随着云平台在各个领域的发展和应用,恶意软件攻击已成为互联网云生态系统的严重威胁。然而,现有图分类技术在恶意软件变种检测的池化过程中仅采用了序列化的单一策略,导致恶意软件的局部恶意行为可能被忽略。本文提出了基于多级图分类学习的恶意软件检测框架 MalDMTP,该框架并行地实现了恶意软件分类的图池化过程,并执行基于图实例的判别。具体来说,MalDMTP 首先根据恶意软件动态执行的结果构建 API 调用图。然后,它通过多级池化结合多种图神经网络学习策略,学习池化图中节点的全局重要性,并从多个角度提取异构图的节点表征。之后,基于多头关注机制的图级池化函数 GMT 将 MalDMTP 聚合为图表示,并通过分类器获得恶意软件预测标签。实验结果表明,所提出的 MalDMTP 在阿里巴巴云恶意软件数据集上的准确率达到 96.53%,比之前的单图池方法在恶意软件检测的图分类任务上提高了 1.9% 7.6%。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

摘要图片

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
MalDMTP: A Multi-tier Pooling Method for Malware Detection based on Graph Classification

With the development and adoption of cloud platforms in various fields, malware attacks have become a serious threat to the Internet cloud ecosystem. However, the pooling process of existing graph classification techniques for malware variant detection uses only a serial and single strategy, resulting in localized malicious behaviors of malware that may be overlooked. In this paper, we propose MalDMTP, a malware detection framework based on multilevel graph classification learning, which implements the graph pooling process for malware classification in parallel and performs graph instance-based discrimination. In particular, MalDMTP first constructs an API call graph based on results obtained from dynamic execution of malware. Then it combines multiple graph neural network learning strategies through multi-level pooling to learn the global importance of nodes in the pooled graph and extract node representations from multiple perspectives for heterogeneous graphs. After that, MalDMTP is aggregated into graph representations by the graph-level pooling function GMT based on a multi-head attention mechanism, which goes through a classifier in order to obtain malware prediction labels. Experimental results show that the proposed MalDMTP can achieve 96.53% accuracy on the Alibaba cloud malware dataset, which improves 1.9% 7.6% over the previous single-graph pooling methods on the graph classification task of malware detection.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Multi-Objective Recommendation for Massive Remote Teaching Resources An Intelligent Proofreading for Remote Skiing Actions Based on Variable Shape Basis Formalization and Analysis of Aeolus-based File System from Process Algebra Perspective TMPSformer: An Efficient Hybrid Transformer-MLP Network for Polyp Segmentation Privacy and Security Issues in Mobile Medical Information Systems MMIS
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1