Visible to the public DLGraph: Malware Detection Using Deep Learning and Graph Embedding

TitleDLGraph: Malware Detection Using Deep Learning and Graph Embedding
Publication TypeConference Paper
Year of Publication2018
AuthorsJiang, H., Turki, T., Wang, J. T. L.
Conference Name2018 17th IEEE International Conference on Machine Learning and Applications (ICMLA)
Date Publisheddec
Keywordsapplication program interfaces, combined feature vector classification, Deep Learning, DLGraph, Embedded systems, embedded vector, feature extraction, function-call graph, function-call graphs, graph embedding, graph theory, Human Behavior, invasive software, learning (artificial intelligence), malware analysis, malware detection, Metrics, Microsoft Windows, neural nets, noise reduction, pattern classification, privacy, pubcrawl, representation learning, Resiliency, SDA, softmax regression, stacked denoising autoencoders, static analysis, Trojan horses, Windows API calls, Windows application programming interface calls
Abstract

In this paper we present a new approach, named DLGraph, for malware detection using deep learning and graph embedding. DLGraph employs two stacked denoising autoencoders (SDAs) for representation learning, taking into consideration computer programs' function-call graphs and Windows application programming interface (API) calls. Given a program, we first use a graph embedding technique that maps the program's function-call graph to a vector in a low-dimensional feature space. One SDA in our deep learning model is used to learn a latent representation of the embedded vector of the function-call graph. The other SDA in our model is used to learn a latent representation of the given program's Windows API calls. The two learned latent representations are then merged to form a combined feature vector. Finally, we use softmax regression to classify the combined feature vector for predicting whether the given program is malware or not. Experimental results based on different datasets demonstrate the effectiveness of the proposed approach and its superiority over a related method.

URLhttps://ieeexplore.ieee.org/document/8614193
DOI10.1109/ICMLA.2018.00168
Citation Keyjiang_dlgraph:_2018