A Survey on Malware Detection with Graph Representation Learning

Bilot, Tristan; Madhoun, Nour El; Agha, Khaldoun Al; Zouaoui, Anis

doi:10.48550/arxiv.2303.16004

Cited by 2 publications

(4 citation statements)

References 132 publications

(197 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their concentration was on the detection techniques and detection frameworks. Bilot et al [14] conducted a survey on malware detection based on graph representation learning. They mainly summarized the graph-based deep learning for malware detection and adversarial attacks.…”

Section: Workmentioning

confidence: 99%

See 1 more Smart Citation

An Evaluation of Current Malware Trends and Defense Techniques: A Scoping Review with Empirical Case Studies

Cletus,

Opoku,

Weyori

2024

JAIT

View full text Add to dashboard Cite

attackers and defenders makes the malware ecosystems highly volatile, dynamic, stochastic, and unpredictable. The volatility of the ecosystem means that, both attackers and defenders are innovating to outwit each other, which requires regular evaluation to establish gaps for remediation. In this paper, the aim was to establish current malware trends, comparative weaknesses and strengths of existing malware defenses, the identification of research gaps and a proposal of future directions to malware defense. We adopted a scoping review with empirical case studies using data from extant literature and industrial sources for the study. The results revealed that, current malware are targeted, unknown, persistent and stealth and are increasing in volumes, variety and complexity. Attackers adopt innovative modes of transmission to spread malware from one network to another and use both anti-static and advanced forms of obfuscation to evade detection. The poor adaptability, learnability, memorability and generalizability of signature-based detection methods such as static, dynamic, hybrid makes ML algorithms the state-of-art, but they also show instability in classification, poor and redundant features, class imbalance and the associated "accuracy paradox", and poor resilience to detecting previously unknown malware. Additionally, user and organizational vulnerabilities also exacerbates the defense challenge. The paper concluded that with the increasing sophistication in malware, ensuring holistic malware defense requires novel techniques that addresses these gaps. This implies that, current research should refocus on providing hybrid defense approaches that are not only technical in nature but also non-technical leading to the provision of improved holistic malware defense.

show abstract

Section: Workmentioning

confidence: 99%

“…Formulae) The efficiency of an ML technique is usually measured using different metrics, as shown in Eqs. ( 5)− (14). A careful understanding of the metrics, the algorithms, and the data size, type and variety is key in selecting a metric for the evaluation of learning models.…”

Section: Performance Evaluation Of ML Models (Metrics Andmentioning

confidence: 99%

An Evaluation of Current Malware Trends and Defense Techniques: A Scoping Review with Empirical Case Studies

Cletus,

Opoku,

Weyori

2024

JAIT

View full text Add to dashboard Cite

show abstract

“…One of the samples within each family has its corresponding provenance graph available in [61]. For the second sample in each family, we utilized a dynamic malware analysis platform 7 to analyze the actions performed by the sample on the system and generate the corresponding provenance graphs. We proceeded by testing whether the subgraph relationship between the pairs of isolated provenance graphs is preserved.…”

Section: F Robustness Comparisonmentioning

confidence: 99%

“…https://en.wikipedia.org/wiki/Subgraph_isomorphism_problem 2 In the cybersecurity context, graph representation learning has already demonstrated notable advancements and widespread application, particularly in the domain of vulnerability detection[7,13].…”

mentioning

confidence: 99%

ProvG-Searcher: A Graph Representation Learning Approach for Efficient Provenance Graph Search

Altinisik,

Deniz,

Sencar

2023

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

We present ProvG-Searcher, a novel approach for detecting known APT behaviors within system security logs. Our approach leverages provenance graphs, a comprehensive graph representation of event logs, to capture and depict data provenance relations by mapping system entities as nodes and their interactions as edges. We formulate the task of searching provenance graphs as a subgraph matching problem and employ a graph representation learning method. The central component of our search methodology involves embedding of subgraphs in a vector space where subgraph relationships can be directly evaluated. We achieve this through the use of order embeddings that simplify subgraph matching to straightforward comparisons between a query and precomputed subgraph representations. To address challenges posed by the size and complexity of provenance graphs, we propose a graph partitioning scheme and a behavior-preserving graph reduction method. Overall, our technique offers significant computational efficiency, allowing most of the search computation to be performed offline while incorporating a lightweight comparison step during query execution. Experimental results on standard datasets demonstrate that ProvG-Searcher achieves superior performance, with an accuracy exceeding 99% in detecting query behaviors and a false positive rate of approximately 0.02%, outperforming other approaches. CCS CONCEPTS• Security and privacy → Intrusion detection systems; Systems security; Intrusion/anomaly detection and malware mitigation.

show abstract

A Survey on Malware Detection with Graph Representation Learning

Cited by 2 publications

References 132 publications

An Evaluation of Current Malware Trends and Defense Techniques: A Scoping Review with Empirical Case Studies

An Evaluation of Current Malware Trends and Defense Techniques: A Scoping Review with Empirical Case Studies

ProvG-Searcher: A Graph Representation Learning Approach for Efficient Provenance Graph Search

Contact Info

Product

Resources

About