Feature graph construction with static features for malware detection
- URL: http://arxiv.org/abs/2404.16362v2
- Date: Fri, 22 Nov 2024 05:04:08 GMT
- Title: Feature graph construction with static features for malware detection
- Authors: Binghui Zou, Chunjie Cao, Longjuan Wang, Yinan Cheng, Chenxi Dang, Ying Liu, Jingzhang Sun,
- Abstract summary: We introduce a feature graph-based malware detection method, MFGraph, to characterize applications.
We demonstrate that it achieves an AUC score of 0.98756 on the malware detection task, outperforming other baseline models.
The AUC score of MFGraph decreases by only 5.884% in one year, indicating that it is the least affected by concept drift.
- Score: 2.6148103955115043
- License:
- Abstract: Malware can greatly compromise the integrity and trustworthiness of information and is in a constant state of evolution. Existing feature fusion-based detection methods generally overlook the correlation between features. And mere concatenation of features will reduce the model's characterization ability, lead to low detection accuracy. Moreover, these methods are susceptible to concept drift and significant degradation of the model. To address those challenges, we introduce a feature graph-based malware detection method, MFGraph, to characterize applications by learning feature-to-feature relationships to achieve improved detection accuracy while mitigating the impact of concept drift. In MFGraph, we construct a feature graph using static features extracted from binary PE files, then apply a deep graph convolutional network to learn the representation of the feature graph. Finally, we employ the representation vectors obtained from the output of a three-layer perceptron to differentiate between benign and malicious software. We evaluated our method on the EMBER dataset, and the experimental results demonstrate that it achieves an AUC score of 0.98756 on the malware detection task, outperforming other baseline models. Furthermore, the AUC score of MFGraph decreases by only 5.884% in one year, indicating that it is the least affected by concept drift.
Related papers
- YOLO-ELA: Efficient Local Attention Modeling for High-Performance Real-Time Insulator Defect Detection [0.0]
Existing detection methods for insulator defect identification from unmanned aerial vehicles struggle with complex background scenes and small objects.
This paper proposes a new attention-based foundation architecture, YOLO-ELA, to address this issue.
Experimental results on high-resolution UAV images show that our method achieved a state-of-the-art performance of 96.9% mAP0.5 and a real-time detection speed of 74.63 frames per second.
arXiv Detail & Related papers (2024-10-15T16:00:01Z) - HGOE: Hybrid External and Internal Graph Outlier Exposure for Graph Out-of-Distribution Detection [78.47008997035158]
Graph data exhibits greater diversity but lower robustness to perturbations, complicating the integration of outliers.
We propose the introduction of textbfHybrid External and Internal textbfGraph textbfOutlier textbfExposure (HGOE) to improve graph OOD detection performance.
arXiv Detail & Related papers (2024-07-31T16:55:18Z) - Imbalanced Graph-Level Anomaly Detection via Counterfactual Augmentation and Feature Learning [1.3756846638796]
We propose an imbalanced GLAD method via counterfactual augmentation and feature learning.
We apply the model to brain disease datasets, which can prove the capability of our work.
arXiv Detail & Related papers (2024-07-13T13:40:06Z) - Harmonizing Feature Maps: A Graph Convolutional Approach for Enhancing Adversarial Robustness [22.29700366929259]
adversarial perturbations can contaminate the feature space and lead to incorrect predictions.
We introduce an innovative plug-and-play module called Feature Map-based Reconstructed Graph Convolution (FMR-GC)
Experiments have demonstrated the superior performance and scalability of FMR-GC.
arXiv Detail & Related papers (2024-06-17T14:10:45Z) - GraphCloak: Safeguarding Task-specific Knowledge within Graph-structured Data from Unauthorized Exploitation [61.80017550099027]
Graph Neural Networks (GNNs) are increasingly prevalent in a variety of fields.
Growing concerns have emerged regarding the unauthorized utilization of personal data.
Recent studies have shown that imperceptible poisoning attacks are an effective method of protecting image data from such misuse.
This paper introduces GraphCloak to safeguard against the unauthorized usage of graph data.
arXiv Detail & Related papers (2023-10-11T00:50:55Z) - GIF: A General Graph Unlearning Strategy via Influence Function [63.52038638220563]
Graph Influence Function (GIF) is a model-agnostic unlearning method that can efficiently and accurately estimate parameter changes in response to a $epsilon$-mass perturbation in deleted data.
We conduct extensive experiments on four representative GNN models and three benchmark datasets to justify GIF's superiority in terms of unlearning efficacy, model utility, and unlearning efficiency.
arXiv Detail & Related papers (2023-04-06T03:02:54Z) - Energy-based Out-of-Distribution Detection for Graph Neural Networks [76.0242218180483]
We propose a simple, powerful and efficient OOD detection model for GNN-based learning on graphs, which we call GNNSafe.
GNNSafe achieves up to $17.0%$ AUROC improvement over state-of-the-arts and it could serve as simple yet strong baselines in such an under-developed area.
arXiv Detail & Related papers (2023-02-06T16:38:43Z) - Pushing the Limits of Fewshot Anomaly Detection in Industry Vision:
Graphcore [71.09522172098733]
We utilize graph representation in FSAD and provide a novel visual invariant feature (VIIF) as anomaly measurement feature.
VIIF can robustly improve the anomaly discriminating ability and can further reduce the size of redundant features stored in M.
Besides, we provide a novel model GraphCore via VIIFs that can fast implement unsupervised FSAD training and can improve the performance of anomaly detection.
arXiv Detail & Related papers (2023-01-28T03:58:32Z) - Features Based Adaptive Augmentation for Graph Contrastive Learning [0.0]
Self-Supervised learning aims to eliminate the need for expensive annotation in graph representation learning.
We introduce a Feature Based Adaptive Augmentation (FebAA) approach, which identifies and preserves potentially influential features.
We successfully improved the accuracy of GRACE and BGRL on eight graph representation learning's benchmark datasets.
arXiv Detail & Related papers (2022-07-05T03:41:20Z) - Model-Agnostic Graph Regularization for Few-Shot Learning [60.64531995451357]
We present a comprehensive study on graph embedded few-shot learning.
We introduce a graph regularization approach that allows a deeper understanding of the impact of incorporating graph information between labels.
Our approach improves the performance of strong base learners by up to 2% on Mini-ImageNet and 6.7% on ImageNet-FS.
arXiv Detail & Related papers (2021-02-14T05:28:13Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.