Shang-nan Yin, Ho-Seok Kang, Zhi-Guo Chen, Sung-Ryul Kim
Title: A malware detection system based on heterogeneous information network
Authors: Shang-nan Yin, Ho-Seok Kang, Zhi-Guo Chen, Sung-Ryul Kim
DOI: 10.1145/3264746.3264784 (https://doi.org/10.1145/3264746.3264784)
Published in: Proceedings of the 2018 Conference on Research in Adaptive and Convergent Systems
Publication date: 2018-10-09
Citation count: 1
Open access: no
Abstract
In this era of information networks, more and more malware (malicious software) poses a serious threat to security, so detecting malware attacks in a timely and effective manner has become particularly important. Increasingly sophisticated malware calls for new defense technologies that can detect and counter novel attacks and threats. In this paper, we propose a novel malware detection method that does not rely on API calls alone: it further analyzes the relationships among those calls and builds higher-level semantics from them, so that attackers cannot easily evade detection. We construct a heterogeneous information network (HIN) from the rich relationships between software samples and the APIs they call, and then use meta-path-based methods to describe the semantic relevance between software and APIs. Each meta-path yields a similarity measure between software samples, and we aggregate the different similarities with Multi-kernel Learning (MKL) to build the malware detection system. We collected real sample data and conducted a comprehensive experiment. The experiments show a relatively high detection rate and a relatively low false detection rate, demonstrating the effectiveness of the proposed method.
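To make the meta-path idea concrete, the following added example (not code from Yin et al. or from the paper's system) builds a tiny software/API heterogeneous graph and scores similarity along two meta-paths. The sample programs, API names, the "API belongs to module" relation, the PathSim scoring rule and the fixed kernel weights are all assumptions made for illustration; the paper learns its kernel weights with MKL, whereas here they are hard-coded.

```python
"""Meta-path similarity over a small software/API heterogeneous graph.

Added illustration of the HIN / meta-path approach; not the paper's code.
All sample data, relation types and weights below are constructed assumptions.
"""
from itertools import product

# Constructed sample: which APIs each program calls (relation S -> A).
CALLS = {
    "benign_editor":  {"CreateFileW", "WriteFile", "CloseHandle"},
    "benign_viewer":  {"CreateFileW", "ReadFile", "CloseHandle"},
    "mal_dropper":    {"CreateFileW", "WriteFile", "WinExec", "RegSetValueExW"},
    "mal_persist":    {"RegSetValueExW", "WinExec", "CreateProcessW"},
    "unknown_sample": {"CreateFileW", "WriteFile", "WinExec", "CreateProcessW"},
}

# Constructed sample: which module exports each API (relation A -> M).
MODULE = {
    "CreateFileW": "kernel32", "WriteFile": "kernel32", "ReadFile": "kernel32",
    "CloseHandle": "kernel32", "WinExec": "kernel32", "CreateProcessW": "kernel32",
    "RegSetValueExW": "advapi32",
}

# Constructed ground truth for the labeled programs (0 = benign, 1 = malware).
LABELS = {"benign_editor": 0, "benign_viewer": 0, "mal_dropper": 1, "mal_persist": 1}


def path_counts_sas(calls):
    """Meta-path S-A-S: number of path instances = APIs the two programs share."""
    return {(s, t): len(calls[s] & calls[t]) for s, t in product(calls, repeat=2)}


def path_counts_samas(calls, module):
    """Meta-path S-A-M-A-S: pairs (api of s, api of t) exported by the same module."""
    counts = {}
    for s, t in product(calls, repeat=2):
        counts[(s, t)] = sum(1 for a in calls[s] for b in calls[t]
                             if module[a] == module[b])
    return counts


def pathsim(counts, s, t):
    """PathSim-style normalised similarity: 2*paths(s,t) / (paths(s,s) + paths(t,t))."""
    denom = counts[(s, s)] + counts[(t, t)]
    return 0.0 if denom == 0 else 2 * counts[(s, t)] / denom


def combined_similarity(s, t, kernels, weights):
    """Weighted sum of per-meta-path similarities (fixed weights stand in for MKL)."""
    return sum(w * pathsim(c, s, t) for c, w in zip(kernels, weights))


def classify(sample, calls, module, labels, weights=(0.7, 0.3)):
    """Label `sample` with the label of its most similar labeled program (1-NN)."""
    kernels = [path_counts_sas(calls), path_counts_samas(calls, module)]
    scores = {s: combined_similarity(sample, s, kernels, weights) for s in labels}
    best = max(scores, key=scores.get)
    return best, labels[best], scores


if __name__ == "__main__":
    best, label, scores = classify("unknown_sample", CALLS, MODULE, LABELS)
    for name, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{name:15s} {score:.3f}")
    print("nearest:", best, "-> label", label)
```

The S-A-S kernel alone already ranks `mal_dropper` highest for the unknown sample because of the three shared APIs; the module-level meta-path is much less discriminative on this graph (almost everything is in kernel32), which is exactly why a learned weighting such as MKL, rather than a plain sum, is needed in practice.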