Heterogeneous Graph Matching Networks for Unknown Malware Detection

Abstract

Information systems have widely been the target of malware attacks. Traditional signature-based malicious program detection algorithms can only detect known malware and are prone to evasion techniques such as binary obfuscation, while behavior-based approaches rely heavily on malware training samples and incur prohibitively high training costs. To address the limitations of existing techniques, we propose MatchGNet, a heterogeneous Graph Matching Network model that learns the graph representation and similarity metric simultaneously, based on invariant graph modeling of the program's execution behaviors. We conduct a systematic evaluation of our model and show that it is accurate in detecting malicious program behavior and can help detect malware attacks with fewer false positives. MatchGNet outperforms the state-of-the-art algorithms in malware detection by generating 50% fewer false positives while keeping zero false negatives.

Cite

Text

Wang et al. "Heterogeneous Graph Matching Networks for Unknown Malware Detection." International Joint Conference on Artificial Intelligence, 2019. doi:10.24963/IJCAI.2019/522

Markdown

[Wang et al. "Heterogeneous Graph Matching Networks for Unknown Malware Detection." International Joint Conference on Artificial Intelligence, 2019.](https://mlanthology.org/ijcai/2019/wang2019ijcai-heterogeneous/) doi:10.24963/IJCAI.2019/522

BibTeX

@inproceedings{wang2019ijcai-heterogeneous,
  title     = {{Heterogeneous Graph Matching Networks for Unknown Malware Detection}},
  author    = {Wang, Shen and Chen, Zhengzhang and Yu, Xiao and Li, Ding and Ni, Jingchao and Tang, Lu-An and Gui, Jiaping and Li, Zhichun and Chen, Haifeng and Yu, Philip S.},
  booktitle = {International Joint Conference on Artificial Intelligence},
  year      = {2019},
  pages     = {3762-3770},
  doi       = {10.24963/IJCAI.2019/522},
  url       = {https://mlanthology.org/ijcai/2019/wang2019ijcai-heterogeneous/}
}