Sequence-based malware detection using a single-bidirectional graph embedding and multi-task learning framework

As an important part of malware detection and classification, sequence-based analysis can be integrated into dynamic detection system for real-time detection. This work presents a novel learning method for malware detection models that leverages advances in graph embedding for fusing the n-gram data...

Full description

Saved in:
Bibliographic Details
Published in:Journal of computer security 2024-01, Vol.32 (2), p.141-163
Main Authors: Luo, Jiale, Zhang, Zhewngyu, Luo, Jiesi, Yang, Pin, Jing, Runyu
Format: Article
Language:English
Subjects:
Embedding
Information flow
Learning
Malware
Representations
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:As an important part of malware detection and classification, sequence-based analysis can be integrated into dynamic detection system for real-time detection. This work presents a novel learning method for malware detection models that leverages advances in graph embedding for fusing the n-gram data into a one-hot feature space with different transmission directions. By capturing the information flow, our method finds a better feature representation for detection tasks with rely solely on sequence information. To enhance the stability of feature representation, this work adopts a multi-task learning strategy which achieves better performance in independent testing. We evaluate our method on two different realworld datasets and compare it against four superior malware detection models. During malware detection using our method, we conducted in-depth discussions on feature length, graph embedding direction, model depth, and different multi-task learning strategies. Experimental and discussion results show that our method significantly outperforms alternative approaches across evaluation settings.
ISSN:0926-227X
1875-8924
DOI:10.3233/JCS-230041