Malware Detection Based on Graph Attention Networks for Intelligent Transportation Systems

Çatal, Çağatay; Gündüz, Hakan; Özcan, Alper

doi:10.3390/electronics10202534

Cited by 17 publications

(6 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Daniel Arp used extensive static analysis to embed features in a joint vector space and used the machine learning method SVM. Cagatay Catal [ 38 ]used an application programming interface (API) call graph obtained from malware and benign Android apk files to solve the Android malware detection problem using a graph attention network model. Han Gao [ 39 ] proposed a new method for detecting Android malware based on the graph convolutional neural network model.…”

Section: Resultsmentioning

confidence: 99%

Z2F: Heterogeneous graph-based Android malware detection

Ma,

Luktarhan

2024

PLoS ONE

View full text Add to dashboard Cite

Android malware is becoming more common, and its invasion of smart devices has brought immeasurable losses to people’s lives. Most existing Android malware detection methods extract Android features from the original application files without considering the high-order hidden information behind them, but these hidden information can reflect malicious behaviors. To solve this problem, this paper proposes Z2F, a detection framework based on multidimensional Android feature extraction and graph neural networks for Android applications. Z2F first extracts seven types of Android features from the original Android application and then embeds them into a heterogeneous graph. On this basis, we design 12 kinds of meta-structures to analyze different semantic spaces of heterogeneous graphs, mine high-order hidden semantic information, and adopt a multi-layer graph attention mechanism to iteratively embed and update information. In this paper, a total of 14429 Android applications were detected and 1039726 Android features were extracted, with a detection accuracy of 99.7%.

show abstract

Section: Resultsmentioning

confidence: 99%

Z2F: Heterogeneous graph-based Android malware detection

Ma,

Luktarhan

2024

PLoS ONE

View full text Add to dashboard Cite

show abstract

“…In the study [41], the node embeddings of an API call graph are computed using node2vec and aggregated with a GAT model. The authors explain that the use of node2vec as feature extraction method is justified by a 3% increase in F-score compared to traditional graph centrality features.…”

Section: Fcg Approachesmentioning

confidence: 99%

A Survey on Malware Detection with Graph Representation Learning

Bilot¹,

Madhoun²,

Agha³

et al. 2023

Preprint

View full text Add to dashboard Cite

Malware detection has become a major concern due to the increasing number and complexity of malware. Traditional detection methods based on signatures and heuristics are used for malware detection, but unfortunately, they suffer from poor generalization to unknown attacks and can be easily circumvented using obfuscation techniques. In recent years, Machine Learning (ML) and notably Deep Learning (DL) achieved impressive results in malware detection by learning useful representations from data and have become a solution preferred over traditional methods. More recently, the application of such techniques on graph-structured data has achieved state-of-the-art performance in various domains and demonstrates promising results in learning more robust representations from malware. Yet, no literature review focusing on graph-based deep learning for malware detection exists. In this survey, we provide an in-depth literature review to summarize and unify existing works under the common approaches and architectures. We notably demonstrate that Graph Neural Networks (GNNs) reach competitive results in learning robust embeddings from malware represented as expressive graph structures, leading to an efficient detection by downstream classifiers. This paper also reviews adversarial attacks that are utilized to fool graph-based detection methods. Challenges and future research directions are discussed at the end of the paper. CCS Concepts: • General and reference → Surveys and overviews; • Security and privacy → Malware and its mitigation; • Computing methodologies → Learning latent representations; Neural networks; Spectral methods.

show abstract

“…Further, Ref. [47] showcased the integration of GANs with various node attributes, illustrating how GANs can outperform traditional detection models. The deployment of GANs in the realm of malware detection holds significant promise in managing the increasing complexity of malware challenges and bolstering the ability of detection models to adapt to new malware types, ultimately aiding in the development of more resilient and effective malware detection frameworks.…”

Section: Introductionmentioning

confidence: 99%

An Incremental Mutual Information-Selection Technique for Early Ransomware Detection

Gazzan,

Sheldon

2024

Information

View full text Add to dashboard Cite

Ransomware attacks have emerged as a significant threat to critical data and systems, extending beyond traditional computers to mobile and IoT/Cyber–Physical Systems. This study addresses the need to detect early ransomware behavior when only limited data are available. A major step for training such a detection model is choosing a set of relevant and non-redundant features, which is challenging when data are scarce. Therefore, this paper proposes an incremental mutual information-selection technique as a method for selecting the relevant features at the early stages of ransomware attacks. It introduces an adaptive feature-selection technique that processes data in smaller, manageable batches. This approach lessens the computational load and enhances the system’s ability to quickly adapt to new data arrival, making it particularly suitable for ongoing attacks during the initial phases of the attack. The experimental results emphasize the importance of the proposed technique in estimating feature significance in limited data scenarios. Such results underscore the significance of the incremental approach as a proactive measure in addressing the escalating challenges posed by ransomware.

show abstract

Malware Detection Based on Graph Attention Networks for Intelligent Transportation Systems

Cited by 17 publications

References 36 publications

Z2F: Heterogeneous graph-based Android malware detection

Z2F: Heterogeneous graph-based Android malware detection

A Survey on Malware Detection with Graph Representation Learning

An Incremental Mutual Information-Selection Technique for Early Ransomware Detection

Contact Info

Product

Resources

About