Mal-Bert-GCN: Malware Detection by Combining Bert and GCN

Title: Mal-Bert-GCN: Malware Detection by Combining Bert and GCN
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Ding, Zhenquan; Xu, Hui; Guo, Yonghe; Yan, Longchuan; Cui, Lei; Hao, Zhiyu
Conference Name: 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Date Published: dec
Keywords: API Sequence, Behavioral sciences, BERT, Deep Learning, GCN, graph neural networks, graph theory, Human Behavior, Malware, malware analysis, malware detection, Metrics, privacy, Process grap, pubcrawl, resilience, Resiliency, Resiliency Coordinator, Semantics, Technological innovation
Abstract: With the dramatic increase in malicious software, the sophistication and innovation of malware have increased over the years. In particular, the dynamic analysis based on the deep neural network has shown high accuracy in malware detection. However, most of the existing methods only employ the raw API sequence feature, which cannot accurately reflect the actual behavior of malicious programs in detail. The relationship between API calls is critical for detecting suspicious behavior. Therefore, this paper proposes a malware detection method based on the graph neural network. We first connect the API sequences executed by different processes to build a directed process graph. Then, we apply Bert to encode the API sequences of each process into node embedding, which facilitates the semantic execution information inside the processes. Finally, we employ GCN to mine the deep semantic information based on the directed process graph and node embedding. In addition to presenting the design, we have implemented and evaluated our method on 10,000 malware and 10,000 benign software datasets. The results show that the precision and recall of our detection model reach 97.84% and 97.83%, verifying the effectiveness of our proposed method.
DOI: 10.1109/TrustCom56396.2022.00034
Citation Key: ding_mal-bert-gcn_2022