Malware detection with dynamic evolving graph convolutional networks

Zhang, Zikai; Li, Yidong; Wang, Wei; Song, Haifeng; Dong, Hairong

doi:10.1002/int.22880

Cited by 8 publications

(6 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attacker normally creates a powerful botnet by taking advantage of flaws in networked devices, which disrupts a targeted internet service supplier and results in significant service unavailability. Organizations and enterprises incur substantial financial costs as a result of these attacks due to the disruptions in operations and the expenses associated with the analysis and resolution of cyber events [14].…”

Section: Iot Attack-related Tangible Damagementioning

confidence: 99%

“…Most existing studies on malware detection have focused on static or dynamic analysis, machine learning, or ensemble techniques, with some exploring hybrid analysis and big data approaches [13][14][15][16][17]. AI-based malware detection is gaining attention, particularly through ensemble learning, which exhibits promise by training multiple classifiers.…”

Section: Motivation and Contributionsmentioning

confidence: 99%

See 1 more Smart Citation

A Hybrid Optimization Model for Efficient Detection and Classification of Malware in the Internet of Things

Ahmad,

Wan,

Ahmad

et al. 2024

Mathematics

View full text Add to dashboard Cite

The proliferation of Internet of Things (IoT) devices and their integration into critical infrastructure and business operations has rendered them susceptible to malware and cyber-attacks. Such malware presents a threat to the availability and reliability of IoT devices, and a failure to address it can have far-reaching impacts. Due to the limited resources of IoT devices, traditional rule-based detection systems are often ineffective against sophisticated attackers. This paper addressed these issues by designing a new framework that uses a machine learning (ML) algorithm for the detection of malware. Additionally, it also employed sequential detection architecture and evaluated eight malware datasets. The design framework is lightweight and effective in data processing and feature selection algorithms. Moreover, this work proposed a classification model that utilizes one support vector machine (SVM) algorithm and is individually tuned with three different optimization algorithms. The employed optimization algorithms are Nuclear Reactor Optimization (NRO), Artificial Rabbits Optimization (ARO), and Particle Swarm Optimization (PSO). These algorithms are used to explore a diverse search space and ensure robustness in optimizing the SVM for malware detection. After extensive simulations, our proposed framework achieved the desired accuracy among eleven existing ML algorithms and three proposed ensemblers (i.e., NRO_SVM, ARO_SVM, and PSO_SVM). Among all algorithms, NRO_SVM outperforms the others with an accuracy rate of 97.8%, an F1 score of 97%, and a recall of 99%, and has fewer false positives and false negatives. In addition, our model successfully identified and prevented malware-induced attacks with a high probability of recognizing new evolving threats.

show abstract

Section: Iot Attack-related Tangible Damagementioning

confidence: 99%

Section: Motivation and Contributionsmentioning

confidence: 99%

A Hybrid Optimization Model for Efficient Detection and Classification of Malware in the Internet of Things

Ahmad,

Wan,

Ahmad

et al. 2024

Mathematics

View full text Add to dashboard Cite

show abstract

“…This method can be viewed as a hybrid model of macro and micro-feature detection. Changes in edge features could reflect anomalies at connected nodes, even if the algorithm doesn't explicitly analyze node properties.Zikai Zhang et al [41] proposes a Dynamic Evolving Graph Convolutional Network(DEGCN) model to capture patterns evolving with time of both node-level and graph-level behavior. This correlates to combining both macro and micro-level feature detection.…”

Section: Subgraph Level Anomaly Detectionmentioning

confidence: 99%

Statistically Inspired Discrepancy Detection for Anomalous Spatio-Temporal Graphs

Tiwari,

Chatterjee,

Padmakumar

et al. 2024

Preprint

View full text Add to dashboard Cite

Anomaly detection in dynamic graphs is a critical topic with applications in many fields, such as fraud detection and network security. This paper tackles the difficulties in locating abnormalities in time-varying graphs by presenting a novel divide-and-conquer method. We combine Graph Convolutional Networks (GCN) and Recurrent Neural Networks (RNN) to predict future node values on temporal graphs, followed by a macro and micro-level analysis. At the macro level, we present a novel algorithm to extract correlation-based subgraphs. The values obtained for each subgraph allow us to concentrate on subgraphs that show significant anomalies, effectively minimizing the challenges in node-level anomaly detection. This is followed by a micro-level analysis of the node contributions and temporal properties within the identified anomalous subgraphs. By combining macro and micro-level analysis with a machine learning-based approach, our method provides an efficient approach for zoning in on anomalies, significantly speeding up computation.

show abstract

“…Anomalous nodes → modeling stochasticity and multi-scale ST dependency GCN and GRU DEGCN [50] To capture node-and global-level patterns → DGCN and GGRU GCN alone TDG with GCN [51] Malicious connections on traffic → extracting TDGs graph. It used the GCN encoder and the deconvolutional decoder.…”

Section: Gcn and Drnn-based Gae H-vgrae [49]mentioning

confidence: 99%

“…Zhang et al [50] proposed a novel dynamic evolving graph convolutional network (DEGCN) model to capture evolving patterns of both local node-level and global graph-level software behaviors. It consists of three stages.…”

Section: ) Anomalous Node Detectionmentioning

confidence: 99%

Graph Anomaly Detection With Graph Neural Networks: Current Status and Challenges

et al. 2022

View full text Add to dashboard Cite

Graphs are used widely to model complex systems, and detecting anomalies in a graph is an important task in the analysis of complex systems. Graph anomalies are patterns in a graph that do not conform to normal patterns expected of the attributes and/or structures of the graph. In recent years, graph neural networks (GNNs) have been studied extensively and have successfully performed difficult machine learning tasks in node classification, link prediction, and graph classification thanks to the highly expressive capability via message passing in effectively learning graph representations. To solve the graph anomaly detection problem, GNN-based methods leverage information about the graph attributes (or features) and/or structures to learn to score anomalies appropriately. In this survey, we review the recent advances made in detecting graph anomalies using GNN models. Specifically, we summarize GNN-based methods according to the graph type (i.e., static and dynamic), the anomaly type (i.e., node, edge, subgraph, and whole graph), and the network architecture (e.g., graph autoencoder, graph convolutional network). To the best of our knowledge, this survey is the first comprehensive review of graph anomaly detection methods based on GNNs.

show abstract

Malware detection with dynamic evolving graph convolutional networks

Cited by 8 publications

References 45 publications

A Hybrid Optimization Model for Efficient Detection and Classification of Malware in the Internet of Things

A Hybrid Optimization Model for Efficient Detection and Classification of Malware in the Internet of Things

Statistically Inspired Discrepancy Detection for Anomalous Spatio-Temporal Graphs

Graph Anomaly Detection With Graph Neural Networks: Current Status and Challenges

Contact Info

Product

Resources

About