Abstract
Malware has long been a central research topic in cyber security. With the rise of machine learning, many studies apply machine learning-based methods to malware classification. However, existing machine learning-based malware classifiers rely on many different features extracted from malware samples, which costs processing speed and limits generality across different operational environments; such methods cannot cope with massive numbers of malware samples. To improve the generality and speed of the classification system, we propose a new model that classifies malware using function call graphs (FCGs) extracted from its assembly code. According to previous studies, the FCG is a generic feature that is stable against metamorphic malware, and FCG extraction is not a time-consuming process. We select DGCNN (Deep Graph Convolutional Neural Network) to embed the structural information inherent in FCGs for malware classification. It makes the most of the structural information stored in FCGs and yields results that are more convincing and accurate than those of methods using traditional features. We evaluate the proposed model on two large datasets from different operational environments containing nearly 20K malware samples. The experimental results show that it classifies malware represented as FCGs with satisfactory accuracy and faster processing speed.
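As an added illustration (not the paper's code or data), the pipeline the abstract describes in miniature: a function call graph built from a constructed toy disassembly listing, then a DGCNN-style embedding in numpy (graph convolution layers followed by SortPooling) that yields a fixed-size vector whatever the graph's size or the order in which functions appear. The layer weights are seeded random stand-ins for trained parameters, and the degree-based node features are an assumption of this example.

```python
import re
import numpy as np

# Constructed toy disassembly (not a real sample); one "caller: insn" per line.
DISASM = """start: call init
start: call parse
init: call alloc
parse: call alloc
parse: call check
check: call start
alloc: ret"""
CALL_RE = re.compile(r"^(\w+):\s*call\s+(\w+)$")

def build_fcg(listing):
    """Parse the listing into (function names, directed adjacency matrix)."""
    lines = [l.strip() for l in listing.splitlines() if l.strip()]
    edges = [m.groups() for m in map(CALL_RE.match, lines) if m]
    # every defined function plus any body-less callee (e.g. an import)
    names = list(dict.fromkeys([l.split(":", 1)[0] for l in lines]
                               + [callee for _, callee in edges]))
    idx = {n: i for i, n in enumerate(names)}
    A = np.zeros((len(names), len(names)))
    for caller, callee in edges:
        A[idx[caller], idx[callee]] = 1.0
    return names, A

def dgcnn_embed(A, X, weights, k):
    """DGCNN: per layer Z = tanh(D^-1 (A+I) Z W); concat layers; SortPool top k."""
    A_hat = A + np.eye(len(A))                 # add self-loops
    D_inv = np.diag(1.0 / A_hat.sum(axis=1))   # row-normalise by degree
    Z, layers = X, []
    for W in weights:
        Z = np.tanh(D_inv @ A_hat @ Z @ W)
        layers.append(Z)
    Z_all = np.concatenate(layers, axis=1)
    order = np.lexsort(Z.T)[::-1]              # descending on last channel
    pooled = np.zeros((k, Z_all.shape[1]))     # zero-pad graphs smaller than k
    pooled[:min(k, len(order))] = Z_all[order[:k]]
    return pooled.ravel()

def embed_listing(listing, k=4, seed=0):
    """Fixed-size vector (rounded to 6 dp) for one listing; features are
    (out-degree, in-degree); weights are seeded random, i.e. untrained."""
    _, A = build_fcg(listing)
    X = np.stack([A.sum(axis=1), A.sum(axis=0)], axis=1)
    rng, weights, d = np.random.default_rng(seed), [], X.shape[1]
    for out in (8, 8, 1):                      # 1-channel last layer = sort key
        weights.append(rng.standard_normal((d, out)) * 0.5)
        d = out
    return np.round(dgcnn_embed(A, X, weights, k), 6).tolist()
```

Because SortPooling orders nodes by their learned value rather than by index, the same FCG produces the same vector no matter how the disassembler orders the functions, which is the property that lets a classifier consume graphs of different sizes directly.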