Using deep graph learning to improve dynamic analysis-based malware detection in PE files

Nguyen, Minh Tu; Nguyen, Viet Hung; Shone, Nathan

doi:10.1007/s11416-023-00505-x

Cited by 6 publications

(1 citation statement)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dynamic approaches are popular for their ability to capture the behaviour of samples, avoiding obfuscation techniques in the best case. It is common for these approaches to make use of system API calls as in Li et al (2022), Xiao et al (2019), and Nguyen et al (2023). All three of these works make use of a sandbox for the collection of dynamic information, as well as the use of graph structures for representation of their samples.…”

Section: Dynamic Approachesmentioning

confidence: 99%

Deep Graph Neural Networks for Malware Detection Using Ghidra P-Code

Iorizzo,

Yuan

2024

eccws

View full text Add to dashboard Cite

This work examines the effectiveness of using Ghidra P-Code as semantics-based features in a graph neural network-based malware detection system. A preliminary model exhibits a function level precision of ∼70% and a recall around ∼60%, and a precision and recall of ~55% and ~80% respectively for the program level detection task on a dataset of ∼50,000 control flow graphs extracted from functions of malicious and benign programs. Future improvements to this ongoing project include, but are not limited to, collecting dynamic control flow graph information as opposed to static graphs to provide the model with resilience to advanced malware obfuscation and encryption schemes.

show abstract

Section: Dynamic Approachesmentioning

confidence: 99%