Sequence-based malware detection using a single-bidirectional graph embedding and multi-task learning framework

IF 0.9 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Computer Security Pub Date : 2023-12-01 DOI:10.3233/jcs-230041

Jiale Luo, Zhewngyu Zhang, Jiesi Luo, Pin Yang, Runyu Jing

{"title":"Sequence-based malware detection using a single-bidirectional graph embedding and multi-task learning framework","authors":"Jiale Luo, Zhewngyu Zhang, Jiesi Luo, Pin Yang, Runyu Jing","doi":"10.3233/jcs-230041","DOIUrl":null,"url":null,"abstract":"As an important part of malware detection and classification, sequence-based analysis can be integrated into dynamic detection system for real-time detection. This work presents a novel learning method for malware detection models that leverages advances in graph embedding for fusing the n-gram data into a one-hot feature space with different transmission directions. By capturing the information flow, our method finds a better feature representation for detection tasks with rely solely on sequence information. To enhance the stability of feature representation, this work adopts a multi-task learning strategy which achieves better performance in independent testing. We evaluate our method on two different realworld datasets and compare it against four superior malware detection models. During malware detection using our method, we conducted in-depth discussions on feature length, graph embedding direction, model depth, and different multi-task learning strategies. Experimental and discussion results show that our method significantly outperforms alternative approaches across evaluation settings.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":0.9000,"publicationDate":"2023-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Computer Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3233/jcs-230041","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

As an important part of malware detection and classification, sequence-based analysis can be integrated into dynamic detection system for real-time detection. This work presents a novel learning method for malware detection models that leverages advances in graph embedding for fusing the n-gram data into a one-hot feature space with different transmission directions. By capturing the information flow, our method finds a better feature representation for detection tasks with rely solely on sequence information. To enhance the stability of feature representation, this work adopts a multi-task learning strategy which achieves better performance in independent testing. We evaluate our method on two different realworld datasets and compare it against four superior malware detection models. During malware detection using our method, we conducted in-depth discussions on feature length, graph embedding direction, model depth, and different multi-task learning strategies. Experimental and discussion results show that our method significantly outperforms alternative approaches across evaluation settings.

查看原文本刊更多论文

使用单双向图嵌入和多任务学习框架进行基于序列的恶意软件检测

序列分析作为恶意软件检测和分类的重要组成部分，可以集成到动态检测系统中进行实时检测。这项工作提出了一种新的恶意软件检测模型学习方法，该方法利用图嵌入技术的进步，将n-gram数据融合到具有不同传输方向的单热特征空间中。通过捕获信息流，我们的方法为仅依赖序列信息的检测任务找到了更好的特征表示。为了增强特征表示的稳定性，本文采用了多任务学习策略，在独立测试中获得了更好的性能。我们在两个不同的真实世界数据集上评估了我们的方法，并将其与四种高级恶意软件检测模型进行了比较。在使用我们的方法检测恶意软件时，我们对特征长度、图嵌入方向、模型深度以及不同的多任务学习策略进行了深入的讨论。实验和讨论结果表明，我们的方法在评估设置上明显优于其他方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Computer Security COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

1.70

自引率

0.00%

发文量

期刊介绍： The Journal of Computer Security presents research and development results of lasting significance in the theory, design, implementation, analysis, and application of secure computer systems and networks. It will also provide a forum for ideas about the meaning and implications of security and privacy, particularly those with important consequences for the technical community. The Journal provides an opportunity to publish articles of greater depth and length than is possible in the proceedings of various existing conferences, while addressing an audience of researchers in computer security who can be assumed to have a more specialized background than the readership of other archival publications.