TY - GEN
T1 - POSTER
T2 - 17th ACM ASIA Conference on Computer and Communications Security 2022, ASIA CCS 2022
AU - Sun, Qirui
AU - Abdukhamidov, Eldor
AU - Abuhmed, Tamer
AU - Abuhamad, Mohammed
N1 - Publisher Copyright:
© 2022 Owner/Author.
PY - 2022/5/30
Y1 - 2022/5/30
AB - The rapid pace of malware development and the widespread use of code obfuscation, polymorphism, and morphing techniques pose a considerable challenge to detecting and analyzing malware. Today, it is difficult for antivirus applications to use traditional signature-based detection methods to detect morphing malware. Thus, the emergence of structure graph-based detection methods has become a hope to solve this challenge. In this work, we propose a method for detecting malware using graphs' spectral heat and wave signatures, which are efficient and size- and permutation-invariant. We extracted 250 and 1,000 heat and wave representations, and we trained and tested heat and wave representations on eight machine learning classifiers. We used a dataset of 37,537 unpacked Windows malware executables and extracted the control flow graph (CFG) of each Windows malware to obtain the spectral representations. Our experimental results showed that by using heat and wave spectral graph theory, the best malware analysis accuracy reached 95.9%.
KW - malware detection
KW - size-invariant representations
KW - spectral representation
KW - windows executable binaries
UR - https://www.scopus.com/pages/publications/85133170751
U2 - 10.1145/3488932.3527294
DO - 10.1145/3488932.3527294
M3 - Conference contribution
AN - SCOPUS:85133170751
T3 - ASIA CCS 2022 - Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security
SP - 1240
EP - 1242
BT - ASIA CCS 2022 - Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
Y2 - 30 May 2022 through 3 June 2022
ER -