Learning Malware Using Generalized Graph Kernels

Title: Learning Malware Using Generalized Graph Kernels
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Dam, Khanh Huu The; Touili, Tayssir
Conference Name: Proceedings of the 13th International Conference on Availability, Reliability and Security
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-6448-5
Keywords: composability, Graph Kernel, malware detection, Metrics, pubcrawl, Resiliency, support vector machine, Support vector machines
Abstract: Machine learning techniques have been extensively applied to learn and detect malware. However, these techniques often use rough abstractions of programs. In this work we propose a more precise model for programs, namely extended API call graphs, where nodes correspond to API function calls, edges specify the execution order between the API functions, and edge labels indicate the dependence relation between API function parameters. To learn such graphs, we propose to use Generalized Random Walk Graph Kernels (combined with Support Vector Machines). We implemented our techniques and obtained encouraging results for malware detection: a detection rate of 96.73% with a false alarm rate of 0.73%.
URL: http://doi.acm.org/10.1145/3230833.3230840
DOI: 10.1145/3230833.3230840
Citation Key: dam_learning_2018