Nguyen, MT, Nguyen, VH and Shone, N (2023) Using deep graph learning to improve dynamic analysis-based malware detection in PE Files. Journal of Computer Virology and Hacking Techniques.

Text sn-article.pdf - Accepted Version Restricted to Repository staff only until 20 October 2024. Download (1MB)

Abstract

Detecting zero-day malware using dynamic analysis techniques has proven to be far more effective than traditional signature-based methods. One specific approach that has emerged in recent years is the use of graphs to represent executable behavior, which can be subsequently used to learn patterns. However, many current graph representations omit key parameter information, meaning that the behavioral impact of variable changes cannot be reliably understood. To combat these shortcomings, we present a new method for malware detection by applying a graph attention network on multi-edge directional heterogeneous graphs constructed from API calls. The experiments show the TPR and FAR scores demonstrated by our model, achieve better performance than those from other related works.

Item Type:	Article
Additional Information:	This version of the article has been accepted for publication, after peer review (when applicable) and is subject to Springer Nature’s AM terms of use, but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: http://doi.org/10.1007/s11416-023-00505-x
Subjects:	Q Science > QA Mathematics > QA75 Electronic computers. Computer science Q Science > QA Mathematics > QA76 Computer software T Technology > T Technology (General) > T58.5 Information Technology
Divisions:	Computer Science & Mathematics
Publisher:	Springer
SWORD Depositor:	A Symplectic
Date Deposited:	12 Oct 2023 12:38
Last Modified:	30 Oct 2023 15:15
DOI or ID number:	10.1007/s11416-023-00505-x
URI:	https://researchonline.ljmu.ac.uk/id/eprint/21712

View Item