Content-Agnostic Malware Detection in Heterogeneous Malicious Distribution Graph
| Field | Value |
| --- | --- |
| Title | Content-Agnostic Malware Detection in Heterogeneous Malicious Distribution Graph |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Alabdulmohsin, Ibrahim; Han, YuFei; Shen, Yun; Zhang, XiangLiang |
| Conference Name | Proceedings of the 25th ACM International on Conference on Information and Knowledge Management |
| Date Published | October 2016 |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4073-1 |
| Keywords | Algorithm, Bayesian inference, composability, data mining, download activity graph, edge detection, graph theory, label propagation, malware analysis, malware detection, malware mitigation, Metrics, pubcrawl, Resiliency, Scalability, security, semi-supervised learning |
| Abstract | Malware detection has been widely studied by analysing either file-dropping relationships or characteristics of the file distribution network. This paper, for the first time, studies a global heterogeneous malware delivery graph that fuses file-dropping relationships with the topology of the file distribution network. The integration offers a unique ability to structure the end-to-end distribution relationship, but it brings large heterogeneous graphs into the analysis. In our study, an average daily generated graph has more than 4 million edges and 2.7 million nodes of differing types, such as IPs, URLs, and files. We propose a novel Bayesian label propagation model to unify the multi-source information, including content-agnostic features of the different node types and topological information of the heterogeneous network. Our approach needs neither to examine the source code nor to inspect the dynamic behaviour of a binary. Instead, it estimates the maliciousness of a given file through a semi-supervised label propagation procedure, which has linear time complexity w.r.t. the number of nodes and edges. The evaluation on 567 million real-world download events validates that our proposed approach efficiently detects malware with high accuracy. |
| URL | https://dl.acm.org/doi/10.1145/2983323.2983700 |
| DOI | 10.1145/2983323.2983700 |
| Citation Key | alabdulmohsin_content-agnostic_2016 |