Heterogeneous Graph Matching Networks for Unknown Malware Detection

Heterogeneous Graph Matching Networks for Unknown Malware Detection

Shen Wang, Zhengzhang Chen, Xiao Yu, Ding Li, Jingchao Ni, Lu-An Tang, Jiaping Gui, Zhichun Li, Haifeng Chen, Philip S. Yu

Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence
Main track. Pages 3762-3770. https://doi.org/10.24963/ijcai.2019/522

Information systems have widely been the target of malware attacks. Traditional signature-based malicious program detection algorithms can only detect known malware and are prone to evasion techniques such as binary obfuscation, while behavior-based approaches highly rely on the malware training samples and incur prohibitively high training cost. To address the limitations of existing techniques, we propose MatchGNet, a heterogeneous Graph Matching Network model to learn the graph representation and similarity metric simultaneously based on the invariant graph modeling of the program's execution behaviors. We conduct a systematic evaluation of our model and show that it is accurate in detecting malicious program behavior and can help detect malware attacks with less false positives. MatchGNet outperforms the state-of-the-art algorithms in malware detection by generating 50% less false positives while keeping zero false negatives.
Keywords:
Machine Learning: Deep Learning
Machine Learning: Data Mining
Machine Learning Applications: Networks
Multidisciplinary Topics and Applications: Security and Privacy