Abstract
The amount of malware has proliferated in recent years because malware developers can easily exploit existing malware to develop new ones. To identify the interrelationships between old and new malware and unify the defense, researchers have continuously tried to automatically classify malware families, and deep neural networks have proven to be a reliable solution to this problem, but as the number of families increases, the robustness of the model is susceptible to data drift and deteriorates, and the validation work of deep neural networks remains insufficient. In this paper, we classify malware families based on semantic learning of disassembled code and graph neural networks, and also provide a judgment basis for family classification so that analysts can quickly verify the classification results. Experiments show that our model can effectively classify families and is robust to data drift.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ndibanje, B., Kim, K.H., Kang, Y.J., et al.: Cross-method-based analysis and classification of malicious behavior by API calls extraction. Appl. Sci. 9(2), 239 (2019)
Shijo, P.V., Salim, A.: Integrated static and dynamic analysis for malware detection. Comput. Sci. 46, 804–811 (2015)
Kim, H., Kim, J., Kim, Y., Kim, I., Kim, K.J., Kim, H.: Improvement of malware detection and classification using API call sequence alignment and visualization. Clust. Comput. 22(1), 921–929 (2017). https://doi.org/10.1007/s10586-017-1110-2
Ki, Y., Kim, E., Kim, H.K., et al.: A novel approach to detect malware based on API call sequence analysis. Int. J. Distrib. Sens. Netw. 11(6), 101 (2015)
Kang, J., Jang, S., Li, S., et al.: Long short-term memory-based Malware classification method for information security. Comput. Electr. Eng. 77, 366–375 (2019)
Wang, P., Tang, Z., Wang, J.: A novel few-shot malware classification approach for unknown family recognition with multi-prototype modeling. Comput. Secur. 4, 97 (2021)
Abou-Assaleh, T., Cercone, N., Keselj, V., Sweidan, R.: N-gram-based detection of new malicious code. In: Proceedings of the 28th Annual International Computer Software and Applications Conference, COMPSAC 2004, Hong Kong, China, 28–30 September 2004, vol. 2, pp. 41–42 (2004)
Santos, I., Laorden, C., Bringas, P.G.: Collective classification for unknown malware detection. In: Proceedings of the International Conference on Security and Cryptography, Seville, Spain, 18–21 July 2011, pp. 251–256 (2011)
Anderson, B., Storlie, C., Lane, T.: Improving malware classification: bridging the static/dynamic gap. In: Proceedings of the 5th ACM Workshop on Security and Artificial Intelligence, Raleigh, NC, USA, 19 October 2012, pp. 3–14 (2012)
Santos, I., Penya, Y.K., Devesa, J., Bringas, P.G.: N-grams-based File Signatures for Malware Detection. In: ICEIS(2), vol. 9, pp. 317–320 (2009)
Ye, Y., Chen, L., Wang, D., Li, T., Jiang, Q., Zhao, M.: SBMDS: an interpretable string based malware detection system using SVM ensemble with bagging. J. Comput. Virol. 5, 283 (2009)
Islam, R., Tian, R., Batten, L., Versteeg, S.: Classification of malware based on string and function feature selection. In: Proceedings of the 2010 Second Cybercrime and Trustworthy Computing Workshop, Ballarat, Australia, 19–20 July 2010, pp. 9–17 (2010)
Liu, L., Wang, B.: Malware classification using gray-scale images and ensemble learning. In: Proceedings of the 2016 3rd International Conference on Systems and Informatics (ICSAI), Shanghai, China, 19–21 November 2016, pp. 1018–1022 (2016)
Lo, W.W., Layeghy, S., Sarhan, M., et al.: Graph neural network-based android malware classification with jumping knowledge (2022)
Wang, S., Zhao, Y., Liu, G., Su, B.: A hierarchical graph-based neural network for malware classification. In: Mantoro, T., Lee, M., Ayu, M.A., Wong, K.W., Hidayanto, A.N. (eds.) ICONIP 2021. LNCS, vol. 13111, pp. 621–633. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92273-3_51
Pei, X., Long, Y., Tian, S.: AMalNet: a deep learning framework based on graph convolutional networks for malware detection. Comput. Secur. 93, 101792 (2020)
Feng, P., Ma, J., Li, T., et al.: Android malware detection based on call graph via graph neural network. In: 2020 International Conference on Networking and Network Applications (NaNA) (2020)
Xu, P., Khairi, A.E.: Android-COCO: Android malware detection with graph neural network for byte- and native-code. arXiv e-prints (2021)
Yan, J., Yan, G., Jin, D.: Classifying malware represented as control flow graphs using deep graph convolutional neural network. In: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE (2019
Gao, H., Cheng, S., Zhang, W.: GDroid: Android malware detection and classification with graph convolutional network. Comput. Secur. 6, 102264 (2021)
Hei, Y., Yang, R., Peng, H., et al.: HAWK: rapid android malware detection through heterogeneous graph attention networks. IEEE Trans. Neural Netw. Learn. Syst. PP(99), 1–15 (2021)
Li, S., Zhou, Q., Zhou, R., et al.: Intelligent malware detection based on graph convolutional network (2021)
Kargarnovin, O., Sadeghzadeh, A.M., Jalili, R.: Mal2GCN: a robust malware detection approach using deep graph convolutional networks with non-negative weights (2021)
Schroff, F., Kalenichenko, D., Philbin, J.: FaceNet: a unified embedding for face recognition and clustering. In: CVPR (2015)
Hermans, A., Beyer, L., Leibe, B.: In defense of the triplet loss for person re-identification (2017)
Mizrahi, I., Avidan, S.: kNet: a deep kNN network to handle label noise (2021)
Zhuang, J., Cai, J., Wang, R., et al.: Deep kNN for medical image classification (2020)
Papernot, N., Mcdaniel, P.: Deep k-nearest neighbors: towards confident, interpretable and robust deep learning (2018)
Ding, S.H.H., Fung, B.C.M., Charland, P.: Asm2Vec: boosting static representation robustness for binary clone search against code obfuscation and compiler optimization. IEEE Computer Society (2019)
Vv, A., Skm, A., Vbs, B.: Multiclass malware classification via first- and second-order texture statistics. Comput. Secur. 97, 101895 (2020)
Krčál, M., Švec, O., Bálek, M., et al.: Deep convolutional malware classifiers can learn from raw executables and labels only (2018)
Kipf, T.N., Welling, M.: Semi-supervised classification with graph convolutional networks (2016)
Zhang, M., Cui, Z., Neumann, M., Chen, Y.: An end-to-end deep learning architecture for graph classification (2018)
Acknowledgments
The authors would like to thank the Editor-in-Chief, the Associate Editor, and the reviewers for their insightful comments and suggestions. We also thank Zhuopang Lin and Yue Ma for their help in the work. This work was supported by Youth Innovation Promotion Association, CAS (No.2020166), Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences and Beijing Key Laboratory of Network Security and Protection Technology.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, X., Jiang, Z., Wang, S., Jing, R., Ling, C., Wang, Q. (2022). Malware Detected and Tell Me Why: An Verifiable Malware Detection Model with Graph Metric Learning. In: Su, C., Sakurai, K., Liu, F. (eds) Science of Cyber Security. SciSec 2022. Lecture Notes in Computer Science, vol 13580. Springer, Cham. https://doi.org/10.1007/978-3-031-17551-0_20
Download citation
DOI: https://doi.org/10.1007/978-3-031-17551-0_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17550-3
Online ISBN: 978-3-031-17551-0
eBook Packages: Computer ScienceComputer Science (R0)