Detecting Malware Based on Dynamic Analysis Techniques Using Deep Graph Learning

Part of the Lecture Notes in Computer Science book series (LNISA,volume 12466)

Abstract

Detecting malware using dynamic analysis techniques is an efficient method. Familiar techniques such as signature-based detection perform poorly when attempting to identify zero-day malware, and it is also a challenging and time-consuming task to manually engineer malicious behaviors. Several studies have tried to detect unknown behaviors automatically. One of the effective approaches introduced in recent years is to use graphs to represent the behavior of an executable and to learn from these graphs. However, current graph representations have ignored much important information such as parameters, variable changes… In this paper, we present a new method for malware detection by applying a graph attention network on multi-edge directional heterogeneous graphs constructed from Windows API calls collected after a file is executed in the Cuckoo sandbox… The experiments show that our model achieves better performance than other baseline models on both TPR and FAR scores.
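As an added illustration (not the paper's own code), the following Python sketch builds the kind of multi-edge directed heterogeneous graph the abstract describes from constructed Cuckoo-style API call records, keeping parameter values as nodes and deriving data-flow edges where a value reappears in a later call. The node and edge types, the `SAMPLE_CALLS` data and both functions are assumptions for illustration, not the authors' construction.

```python
from collections import defaultdict

# Constructed records in the shape of Cuckoo's behavior.processes[].calls[] entries (not a real report).
SAMPLE_CALLS = [
    {"api": "NtCreateFile", "arguments": {"filepath": "C:\\Temp\\drop.exe", "file_handle": "0x1c"}},
    {"api": "NtWriteFile", "arguments": {"file_handle": "0x1c", "length": "4096"}},
    {"api": "NtClose", "arguments": {"handle": "0x1c"}},
    {"api": "CreateProcessInternalW", "arguments": {"command_line": "C:\\Temp\\drop.exe", "process_handle": "0x2a"}},
    {"api": "NtClose", "arguments": {"handle": "0x2a"}},
]


def build_behaviour_graph(calls):
    """Return (nodes, edges). nodes: {(type, value): type}. edges: {relation: [(src, dst, attr)]}.
    Relations (an assumed scheme, not the paper's exact one):
      next: api_i -> api_i+1, one edge per consecutive call, so repeated pairs become multi-edges
      uses: api -> argument value, attr = parameter name (this keeps the parameter information)
      flow: api_j -> api_k, attr = value, when a value first seen at call j reappears at call k
    """
    nodes, edges = {}, defaultdict(list)
    first_seen = {}  # argument value -> index of the call where it first appeared
    prev = None
    for i, call in enumerate(calls):
        api = ("api", call["api"])
        nodes[api] = "api"
        if prev is not None:
            edges["next"].append((prev, api, i))
        for name, value in call["arguments"].items():
            arg = ("arg", str(value))
            nodes[arg] = "arg"
            edges["uses"].append((api, arg, name))
            j = first_seen.setdefault(value, i)
            if j != i:  # value already produced/used by an earlier call: data-flow edge from that call's API node
                edges["flow"].append((("api", calls[j]["api"]), api, str(value)))
        prev = api
    return nodes, dict(edges)


def to_edge_index(nodes, edges):
    """Map node ids to per-type integer indices (the layout heterogeneous GNN libraries expect)
    and return {relation: ([src_idx, ...], [dst_idx, ...])}."""
    index, counters = {}, defaultdict(int)
    for nid, ntype in nodes.items():  # insertion order is deterministic, so indices are reproducible
        index[nid] = counters[ntype]
        counters[ntype] += 1
    return {rel: ([index[s] for s, _, _ in lst], [index[d] for _, d, _ in lst]) for rel, lst in edges.items()}
```

Note that the two `NtClose` calls collapse into one API node, so the `next` relation carries two edges into it; that repetition is what makes the graph multi-edge.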

Keywords

  • Malware detection
  • Dynamic analysis
  • Deep learning
  • Graph representation



Corresponding author

Correspondence to Nguyen Viet Hung .

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Tu, N.M., Hung, N.V., Anh, P.V., Van Loi, C., Shone, N. (2020). Detecting Malware Based on Dynamic Analysis Techniques Using Deep Graph Learning. In: Dang, T.K., Küng, J., Takizawa, M., Chung, T.M. (eds) Future Data and Security Engineering. FDSE 2020. Lecture Notes in Computer Science, vol 12466. Springer, Cham. https://doi.org/10.1007/978-3-030-63924-2_21

  • DOI: https://doi.org/10.1007/978-3-030-63924-2_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63923-5

  • Online ISBN: 978-3-030-63924-2