nach oben

Mobile Networks and Applications

26.04.2024 | Research

MalDMTP: A Multi-tier Pooling Method for Malware Detection based on Graph Classification

verfasst von: Liang Kou, Cheng Qiu, Meiyu Wang, Hua Liu, Yan Du, Jilin Zhang

Erschienen in: Mobile Networks and Applications

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

With the development and adoption of cloud platforms in various fields, malware attacks have become a serious threat to the Internet cloud ecosystem. However, the pooling process of existing graph classification techniques for malware variant detection uses only a serial and single strategy, resulting in localized malicious behaviors of malware that may be overlooked. In this paper, we propose MalDMTP, a malware detection framework based on multilevel graph classification learning, which implements the graph pooling process for malware classification in parallel and performs graph instance-based discrimination. In particular, MalDMTP first constructs an API call graph based on results obtained from dynamic execution of malware. Then it combines multiple graph neural network learning strategies through multi-level pooling to learn the global importance of nodes in the pooled graph and extract node representations from multiple perspectives for heterogeneous graphs. After that, MalDMTP is aggregated into graph representations by the graph-level pooling function GMT based on a multi-head attention mechanism, which goes through a classifier in order to obtain malware prediction labels. Experimental results show that the proposed MalDMTP can achieve 96.53% accuracy on the Alibaba cloud malware dataset, which improves 1.9% 7.6% over the previous single-graph pooling methods on the graph classification task of malware detection.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

ATZelektronik

Die Fachzeitschrift ATZelektronik bietet für Entwickler und Entscheider in der Automobil- und Zulieferindustrie qualitativ hochwertige und fundierte Informationen aus dem gesamten Spektrum der Pkw- und Nutzfahrzeug-Elektronik.

Lassen Sie sich jetzt unverbindlich 2 kostenlose Ausgabe zusenden.

Jetzt informieren

ATZelectronics worldwide

ATZlectronics worldwide is up-to-speed on new trends and developments in automotive electronics on a scientific level with a high depth of information.

Order your 30-days-trial for free and without any commitment.

Jetzt informieren

AV-ATLAS (2022) Malware. The AV-TEST Institute. https://www.av-test.org/en/statistics/malware. Accessed 1 June 2023

SONICWALL (2023) 2023 SonicWall Cyber Threat Report. https://www.sonicwall.com/resources/white-papers/2023-sonicwall-cyber-threat-report. Accessed 20 Dec 2023

Egele M, Scholte T, Kirda E, Krügel C (2012) A survey on automated dynamic malware-analysis techniques and tools. ACM Comput Surv 44(6):1–42. https://doi.org/10.1145/2089125.2089126

Raff E, Zak R, Cox R, Sylvester J, Yacci P, Ward R, Tracy A, McLean M, Nicholas CK (2018) An investigation of byte n-gram features for malware classification. Journal of Computer Virology and Hacking Techniques 14:1–20. https://doi.org/10.1007/s11416-016-0283-1CrossRef

Bernardi Mario C, Marta D, Damiano M, Fabio M, Francesco (2019) Dynamic malware detection and phylogeny analysis using process mining. Int J Inf Secur 18:257–284. https://doi.org/10.1007/s10207-018-0415-3

Huang W, Stokes JW (2016) MtNet: A Multi-Task Neural Network for Dynamic Malware Classification. In: Caballero J, Zurutuza U, Rodríguez R (eds.) Detection of Intrusions and Malware, and Vulnerability Assessment. San Sebastián, Spain, pp 399-418

Zhang H, Lu G, Zhan M, Zhang B (2022) Semi-Supervised Classification of Graph Convolutional Networks with Laplacian Rank Constraints. Neural Process Lett 54:2645–2656. https://doi.org/10.1007/s11063-020-10404-7CrossRef

Liu Z, Zhou J (2020) Graph Attention Networks. In: Introduction to Graph Neural Networks. Synth Lect Artif Intell Mach Learn pp 39-41

Hu Z, Dong Y, Wang K, Chang K, Sun Y (2020) GPT-GNN: Generative Pre-Training of Graph Neural Networks. Proceedings of the 26th ACM SIGKDD international conference on knowledge discovery & data mining. Association for Computing Machinery, New York, NY, USA, pp 1857–1867. https://doi.org/10.1145/3394486.3403237

10.

Wang YG, Li M, Ma Z, Montúfar G, Zhuang X, Fan Y (2019) Haar Graph Pooling. In Proceedings of the 37th international conference on machine learning (ICML’20), 923:9952–9962. https://doi.org/10.5555/3524938.3525861

11.

Peng H, Li J, Song Y, Yang R, Ranjan R, Yu PS, He L (2021) Streaming Social Event Detection and Evolution Discovery in Heterogeneous Information Networks. ACM Transactions on Knowledge Discovery from Data (TKDD) 15:1–33. https://doi.org/10.1145/3447585CrossRef

12.

Peng H, Li J, Gong Q, Wang S, He L, Li B, Wang L, Yu PS (2019) Hierarchical Taxonomy-Aware and Attentional Graph Capsule RCNNs for Large-Scale Multi-Label Text Classification. IEEE Trans Knowl Data Eng 33:2505–2519. https://doi.org/10.1109/TKDE.2019.2959991CrossRef

13.

Bruna J, Zaremba W, Szlam A, LeCun Y (2013) Spectral Networks and Locally Connected Networks on Graphs. CoRR, abs/1312.6203

14.

Kipf T, Welling M (2017) Semi-Supervised Classification with Graph Convolutional Networks. Int Conf Learn Representations pp 1–14

15.

Hamilton WL, Ying Z, Leskovec J (2017) Inductive Representation Learning on Large Graphs. Neural Inform Process Syst pp 1025–1035. https://doi.org/10.5555/3294771.3294869

16.

Xu K, Li C, Tian Y, Sonobe T, Kawarabayashi K, Jegelka S (2018) Representation Learning on Graphs with Jumping Knowledge Networks. Int Conf Mach Learn pp 5453–5462

17.

Abu-El-Haija S, Kapoor A, Perozzi B, Lee J (2018) N-GCN: Multi-scale Graph Convolution for Semi-supervised Node Classification. Conf Uncertain Artif Intell pp 841–851

18.

Cai L, Ji S (2020) A Multi-Scale Approach for Graph Link Prediction. AAAI Conference on Artificial Intelligence 34:3308–3315. https://doi.org/10.1609/aaai.v34i04.5731CrossRef

19.

Xiao Y, Li R, Lu X, Liu Y (2021) Link prediction based on feature representation and fusion. Inf Sci 548:1–17MathSciNetCrossRef

20.

You J, Ying R, Leskovec J (2019) Position-aware Graph Neural Networks. Int Conf Mach Learn pp 7134–7143

21.

Nguyen TD, Phung D (2019) Unsupervised universal self-attention network for graph classification. arXiv:1909.11855

22.

Defferrard M, Bresson X, Vandergheynst P (2016) Convolutional neural networks on graphs with fast localized spectral filtering. Neural Inform Process Syst 29

23.

Vinyals O, Bengio S, Kudlur M (2015) Order Matters: Sequence to sequence for sets. arXiv preprint arXiv:1511.06391

24.

Zhang M, Cui Z, Neumann M, Chen Y (2018) An end-to-end deep learning architecture for graph classification. In: Proceedings of the AAAI conference on artificial intelligence, vol 32(1)

25.

Gao H, Ji S (2019) Graph u-nets. In international conference on machine learning, pp 2083–2092

26.

Lee J, Lee I, Kang J (2019) Self-attention graph pooling. In: International conference on machine learning pp 3734–3743

27.

Zhang Z, Bu J, Ester M, Zhang J, Li Z, Yao C, Huifen D, Yu Z, Wang C (2021) Hierarchical Multi-View Graph Pooling With Structure Learning. IEEE Trans Knowl Data Eng 35:545–559

28.

Diehl F (2019) Edge contraction pooling for graph neural networks. arXiv preprint arXiv:1905.10990

29.

Ying Z, You J, Morris C, Ren X, Hamilton W, Leskovec J (2018) Hierarchical graph representation learning with differentiable pooling. Adv Neural Inform Processing Syst 31

30.

Yuan H, Ji S (2020) Structpool: Structured graph pooling via conditional random fields. In: Proceedings of the 8th international conference on learning representations

31.

Bianchi FM, Grattarola D, Alippi C (2020) Spectral clustering with graph neural networks for graph pooling. In: International conference on machine learning pp 874–883

32.

Ranjan E, Sanyal S, Talukdar P (2020) Asap: Adaptive structure aware pooling for learning hierarchical graph representations. In Proceedings of the AAAI conference on artificial intelligence 34(04):5470–5477

33.

Baek J, Kang M, Hwang SJ (2021) Accurate learning of graph representations with graph multiset pooling

34.

John TS, Thomas T, Emmanuel S (2020) Graph convolutional networks for android malware detection with system call graphs. In: 2020 Third ISEA conference on security and privacy pp 162–170

35.

Cai M, Jiang Y, Gao C, Li H, Yuan W (2021) Learning features from enhanced function call graphs for Android malware detection. Neurocomputing 423:301–307CrossRef

36.

Gao H, Cheng S, Zhang W (2021) GDroid: Android malware detection and classification with graph convolutional network. Comput & Secur 106:102264CrossRef

37.

Deldar F, Abadi M, Ebrahimifard M (2022) Android Malware Detection Using Supervised Deep Graph Representation Learning. In: 2022 12th International conference on computer and knowledge engineering pp 348–354

38.

Wu H, Luktarhan N, Tian G, Song Y (2023) An Android Malware Detection Approach to Enhance Node Feature Differences in a Function Call Graph Based on GCNs. Sensors 23(10):4729CrossRef

39.

Ying C, Cai T, Luo S, Zheng S, Ke G, He D, She Y, Liu TY (2021) Do transformers really perform badly for graph representation? Adv Neural Inf Process Syst 34:28877–28888

40.

Xu K, Hu W, Leskovec J, Jegelka S (2019) How powerful are graph neural networks?. In: 7th International conference on learning representations

41.

Vaswani A, Shazeer N, Parmar N, Uszkoreit J, Jones L, Gomez AN, Kaiser Ł, Polosukhin I (2017) Attention is all you need. Adv Neural Inform Process Syst 30

42.

Ba JL, Kiros JR, Hinton GE (2016) Layer normalization. arXiv preprint arXiv:1607.06450

43.

Lin Y, Zhao H, Ma X, Tu Y, Wang M (2020) Adversarial attacks in modulation recognition with convolutional neural networks. IEEE Trans Reliab 70(1):389–401CrossRef

44.

Tu Y, Lin Y, Hou C, Mao S (2020) Complex-valued networks for automatic modulation classification. IEEE Trans Veh Technol 69(9):10085–10089CrossRef

45.

Liu C, Li B, Zhao J, Zhen Z, Liu X, Zhang Q (2022) FewM-HGCL: Few-shot malware variants detection via heterogeneous graph contrastive learning. IEEE Trans Dependable Secure Comput

46.

Liu C, Fu X, Wang Y, Guo L, Liu Y, Lin Y, Zhao H, Gui G (2023) Overcoming data limitations: a few-shot specific emitter identification method using self-supervised learning and adversarial augmentation. IEEE Trans Inf Forensics Secur 19:500–513CrossRef

47.

Yao Z, Fu X, Guo L, Wang Y, Lin Y, Shi S, Gui G (2023) Few-shot specific emitter identification using asymmetric masked auto-encoder. IEEE Commun Lett 27(10):2657–2661CrossRef

48.

Chen Z, Xiang J, Lu Y, Xuan Q, Wang Z, Chen G, Yang X (2023) RGP: Neural Network Pruning Through Regular Graph With Edges Swapping. IEEE Trans Neural Netw Learn Syst

49.

Xuan Q, Zhou J, Qiu K, Chen Z, Xu D, Zheng S, Yang X (2022) AvgNet: Adaptive visibility graph neural network and its application in modulation classification. IEEE Trans Netw Sci Eng 9(3):1516–1526

50.

Zheng Z, Shi X, He L, Jin H, Wei S, Dai H, Peng X (2020) Feluca: A two-stage graph coloring algorithm with color-centric paradigm on gpu. IEEE Trans Parallel Distrib Syst 32(1):160–173CrossRef

51.

Zheng Z, Zhao C, Xie P, DuM B (2023) Galliot: Path Merging Based Betweenness Centrality Algorithm on GPU. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM’ 23). New York, USA, pp 17–20

52.

Huang Q, He H, Singh A, Lim SN, Benson AR (2020) Combining label propagation and simple models out-performs graph neural networks. arXiv preprint arXiv: 2010.13993

53.

Xu Y, Wang J, Guang M, Yan C, Jiang C (2023) Multistructure Graph Classification Method With Attention-Based Pooling. IEEE Trans Comput Soc Syst 10:602–613

Titel: MalDMTP: A Multi-tier Pooling Method for Malware Detection based on Graph Classification
verfasst von: Liang Kou
Cheng Qiu
Meiyu Wang
Hua Liu
Yan Du
Jilin Zhang
Publikationsdatum: 26.04.2024
Verlag: Springer US
Erschienen in: Mobile Networks and Applications
Print ISSN: 1383-469X
Elektronische ISSN: 1572-8153
DOI: https://doi.org/10.1007/s11036-024-02318-8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

ATZelektronik

ATZelectronics worldwide