Classifying Malware Represented as Control Flow Graphs using Deep Graph Convolutional Neural Network

Yan, Jiaqi; Yan, Guanhua; Jin, Dong

doi:10.1109/dsn.2019.00020

Cited by 92 publications

(63 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Carratero et al [19] propose their method to diagnose faults in the load-store unit (LSU) which is performed during post-silicon validation, and it only covers design faults. In contrast, SCRIBE [20] is proposed to diagnose intermittent faults during regular operation. After the fault is detected, the program is replayed on the standby core, and a data dependence graph (DDG) is constructed by extracting the runtime information (microstructure-level devices).…”

Section: Fault Diagnosis Methodsmentioning

confidence: 99%

End-to-end diagnosis of cloud systems against intermittent faults

Wang

Huo

2021

COMSIS J

View full text Add to dashboard Cite

The diagnosis of intermittent faults is challenging because of their random manifestation due to intricate mechanisms. Conventional diagnosis methods are no longer effective for these faults, especially for hierachical environment, such as cloud computing. This paper proposes a fault diagnosis method that can effectively identify and locate intermittent faults originating from (but not limited to) processors in the cloud computing environment. The method is end-to-end in that it does not rely on artificial feature extraction for applied scenarios, making it more generalizable than conventional neural network-based methods. It can be implemented with no additional fault detection mechanisms, and is realized by software with almost zero hardware cost. The proposed method shows a higher fault diagnosis accuracy than BP network, reaching 97.98% with low latency.

show abstract

Section: Fault Diagnosis Methodsmentioning

confidence: 99%

End-to-end diagnosis of cloud systems against intermittent faults

Wang

Huo

2021

COMSIS J

View full text Add to dashboard Cite

show abstract

“…Classical Deep Learning algorithms such as Convolutional Neural Networks (CNNs) [23] and LSTM networks have been successfully applied to malware detection and classification problems using both static and dynamic analysis data [22]; however, Deep Learning on graphs has been mainly applied to data extracted employing static analysis methods. [24] proposed a malware classification method (MAGIC) based on a modified version of the DGCNN to learn directly from attributed control flow graphs (ACFGs) extracted from disassembled binaries, in which each vertex summarizes code characteristics as numerical values. [25] introduced a malware detection approach using graph embedding to map the control flow graphs (CFGs) extracted from disassembled binaries to low-dimensional vectors as inputs for two stacked denoising autoencoders (SDAs) that are responsible for representation learning.…”

Section: Related Workmentioning

confidence: 99%

“…[28] studied the effectiveness of DGCNNs in processing large-scale graphs with hundreds of thousands of nodes by conducting experiments on malware detection and software defect prediction. Our work follows a similar approach to [24] and shares the same theoretical basis on applying DGCNNs for classification tasks [15]. However, we use the standpoint of dynamic analysis by extracting behavioral graphs from the API call sequences and using both the API call sequences and the behavioral graphs as inputs to a modified version of the DGCNN.…”

Section: Related Workmentioning

confidence: 99%

Behavioral Malware Detection Using Deep Graph Convolutional Neural Networks

Oliveira¹,

Sassi²

2019

Preprint

View full text Add to dashboard Cite

<div>Malware behavioral graphs provide a rich source of information that can be leveraged for detection and classification tasks. In this paper, we propose a novel behavioral malware detection method based on Deep Graph Convolutional Neural Networks (DGCNNs) to learn directly from API call sequences and their associated behavioral graphs. In order to train and evaluate the models, we created a new public domain dataset of more than 40,000 API call sequences resulting from the execution of malware and goodware instances in a sandboxed environment. Experimental results show that our models achieve similar Area Under the ROC Curve (AUC-ROC) and F1-Score to Long-Short Term Memory (LSTM) networks, widely used as the base architecture for behavioral malware detection methods, thus indicating that the models can effectively learn to distinguish between malicious and benign temporal patterns through convolution operations on graphs. To the best of our knowledge, this is the first paper that investigates the applicability of DGCNN to behavioral malware detection using API call sequences.</div>

show abstract

“…These approaches work best when the code base in question is well-documented and comments are indicative of the actual intent of the code. Attempts in literature employ control flow graphs for software defects [7] and malware detection [8]. Our, representation of code as a control flow graph of basic blocks is different.…”

Section: Introductionmentioning

confidence: 99%

Code Characterization With Graph Convolutions and Capsule Networks

et al. 2020

View full text Add to dashboard Cite

We propose SiCaGCN, a learning system to predict the similarity of a given software code to a set of codes that are permitted to run on a computational resource, such as a supercomputer or a cloud server. This code characterization allows us to detect abusive codes. Our system relies on a structural analysis of the control-flow graph of the software codes and two different graph similarity measures: Graph Edit Distance (GED) and a singular values based metric. SiCaGCN combines elements of Graph Convolutional Neural Networks (GCN), Capsule networks, attention mechanism, and neural tensor networks. Our experimental results include a study of the trade-offs between the two similarity metrics and two variations of our learning networks, with and without the use of capsules. Our main findings are that the use of capsules reduces mean square error significantly for both similarity metrics. Use of capsules reduces the runtime to calculate the GED while increases the runtime of singular values calculation.

show abstract

Classifying Malware Represented as Control Flow Graphs using Deep Graph Convolutional Neural Network

Cited by 92 publications

References 26 publications

End-to-end diagnosis of cloud systems against intermittent faults

End-to-end diagnosis of cloud systems against intermittent faults

Behavioral Malware Detection Using Deep Graph Convolutional Neural Networks

Code Characterization With Graph Convolutions and Capsule Networks

Contact Info

Product

Resources

About