Detecting Malware Based on Dynamic Analysis Techniques Using Deep Graph Learning

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12466)


Detecting malware using dynamic analysis techniques is an efficient method. Those familiar techniques such as signature-based detection perform poorly when attempting to identify zero-day malware, and it is also a challenging and time-consuming task to manually engineer malicious behaviors. Several studies have tried to detect unknown behaviors automatically. One of effective approaches introduced in recent years is to use graphs to represent the behavior of an executable, and learn from these graphs. However, current graph representations have ignored much important information such as parameters, variables changes… In this paper, we present a new method for malware detection by applying a graph attention network on multi-edge directional heterogeneous graphs constructed from Windows API calls collected after a file being executed in cuckoo sandbox… The experiments show that our model achieves better performance than other baseline models at both TPR and FAR scores.


Malware detection Dynamic analysis Deep learning Graph representation 


  1. 1.
    Yu, B., Fang, Y., Yang, Q., et al.: A survey of malware behavior description and analysis. Front. Inf. Technol. Electron. Eng. (2018)Google Scholar
  2. 2.
    Hongfa, X., Shaowen, S., Guru, V., Tian, L.: Machine learning-based analysis of program binaries - a comprehensive study. IEEE Access (2019)Google Scholar
  3. 3.
    Yuxin, D., Wei, D., Shengli, Y., Yume, Z.: Control flow-based opcode behavior analysis for malware detection (2014)Google Scholar
  4. 4.
    Ki, Y., Kim, E., Kim, H.K.: A novel approach to detect malware based on API call sequence analysis. Int. J. Distrib. Sens. Netw. 11, 659101 (2015)CrossRefGoogle Scholar
  5. 5.
    Tran, T.K., Sato, H.: NLP-based approaches for malware classification from API sequences. In: 21st Asia Pacific Symposium on Intelligent and Evolutionary Systems (IES) (2017)Google Scholar
  6. 6.
    Pascanu, R., Stokes, J.W., Sanossian, H., et al.: Malware classification with recurrent networks. In: IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) (2015)Google Scholar
  7. 7.
    Kolosnjaji, B., Zarras, A., Eraisha, G., et al.: Empowering convolutional networks for malware classification and analysis. In: International Joint Conference on Neural Networks (IJCNN) (2017)Google Scholar
  8. 8.
    Tobiyama, S., Yamaguchi, Y., Shimada, H., et al.: Malware detection with deep neural network using process behavior. In: 40th Annual Computer Software and Applications Conference (COMPSAC) (2016)Google Scholar
  9. 9.
    Wang, X,. Yiu, S.M.: A multi-task learning model for malware classification with useful file access pattern from API call sequence (2016). arXiv:1610.05945 [cs.SD], Cryptography and Security
  10. 10.
    Xiao, X., Zhang, S., Mercaldo, F., Hu, G., Sangaiah, A.K.: Android malware detection based on system call sequences and LSTM. Multimedia Tools Appl. 78(4), 3979–3999 (2017)CrossRefGoogle Scholar
  11. 11.
    Sikorski, M., Honig, A.: Practical malware analysis: the hands-on guide to dissecting malicious software. xxviiiGoogle Scholar
  12. 12.
    Naval, S., Rajarajan, M., Laxmi, V., Conti, M.: Employing program semantics for malware detection. IEEE Trans. Inf. Forensics Secur. (2015)Google Scholar
  13. 13.
    Mathew, J., Ajay Kumara, M.A.: API call based malware detection approach using recurrent neural network – LSTM. Intell. Syst. Des. Appl. (2018)Google Scholar
  14. 14.
    Wüchner, T., Ochoa, M., Pretschner, A.: Malware detection with quantitative data flow graphs. In: ASIA CCS 2014: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (2014)Google Scholar
  15. 15.
    Hung, N., Dung, P., Ngoc, T., et al.: Malware detection based on directed multi-edge dataflow graph representation and convolutional neural network. In: 2019 11th International Conference on Knowledge and Systems Engineering (KSE) (2019)Google Scholar
  16. 16.
    Wang, X., Ji, H., Shi, C., et al.: Heterogeneous graph attention network (2019). arXiv:1903.07293
  17. 17.
    Wu, Z., Pan, S., Chen, F., et al.: A comprehensive survey on graph neural networks. Netw. Embed. Graph Neural Netw. (2019)Google Scholar
  18. 18.
    Zhou, J., Cui, G., Zhang, Z.: Graph neural networks. a review of methods and applications (2018). arXiv:1812.08434
  19. 19.
    Anderson, B., Quist, D., Neil, J., et al.: Graph-based malware detection using dynamic analysis. J. Comput. Virol. 7, 247–258 (2011). Scholar
  20. 20.
    Jin, Y., Joseph, F.J.: Learning graph-level representations with recurrent neural networks (2018). arXiv:1805.07683
  21. 21.
    Perozzi, B., Al-Rfou, R., Skiena, S.: DeepWalk: online learning of social representations. In: Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD 2014), pp. 701–710. Association for Computing Machinery, New York (2014)Google Scholar
  22. 22.
    He, Y., Song, Y., Li, J., Ji, C.: HeteSpaceyWalk: a heterogeneous spacey random walk for heterogeneous information network embedding. In: 28th ACM International Conference (2019)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Le Quy Don Technical UniversityHanoiVietnam
  2. 2.Liverpool John-Moore UniversityLiverpoolUK

Personalised recommendations