Title | Learning Malware Using Generalized Graph Kernels |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Dam, Khanh Huu The, Touili, Tayssir |
Conference Name | Proceedings of the 13th International Conference on Availability, Reliability and Security |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-6448-5 |
Keywords | composability, Graph Kernel, malware detection, Metrics, pubcrawl, Resiliency, support vector machine, Support vector machines |
Abstract | Machine learning techniques have been extensively applied to learn and detect malware. However, these techniques often use rough abstractions of programs. In this work we propose to use a more precise model for programs, namely extended API call graphs, where nodes correspond to API function calls, edges specify the execution order between the API functions, and edge labels indicate the dependence relation between the parameters of API functions. To learn such graphs, we propose to use Generalized Random Walk Graph Kernels (combined with Support Vector Machines). We implemented our techniques and obtained encouraging results for malware detection: a detection rate of 96.73% with 0.73% false alarms. |
URL | http://doi.acm.org/10.1145/3230833.3230840 |
DOI | 10.1145/3230833.3230840 |
Citation Key | dam_learning_2018 |