Abstract

Malware continuously evolves and becomes more and more sophisticated. Learning on execution behavior has proven effective for malware detection. However, little work has been done to delve into the implications of full process information for malware detection. In this paper, we present a deep neural network based malware detection approach that performs learning on process-aware behaviors for Windows programs. It first employs a logistic regression-based weighting method and a machine learning-based API score learning method to capture the inner-process behavior, including API sequences and their run-time arguments. Next, it constructs the process graph from inter-process interactions, from which a set of attributes is extracted to characterize the relationships among the various processes in terms of invoke actions. Finally, it feeds the process-aware features into the deep neural network to train a binary classifier that detects malware. In addition to designing the method, we have implemented it and evaluated it on two datasets. The results demonstrate that our method outperforms naïve models that take raw APIs as input, verifying the effectiveness of our method. Moreover, we have evaluated the robustness of our model to adversarial attacks and concept drift, and the results demonstrate the robustness of our method.
