The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
요즘 악성코드는 인터넷에 심각한 위협이 되고 있습니다. 기존의 시그니처 기반 악성 코드 탐지 방법은 코드 난독화를 통해 쉽게 회피할 수 있습니다. 따라서 많은 연구자들은 악성코드의 변종을 찾기 위해 난독화의 영향을 덜 받는 함수 호출 그래프와 같은 악성코드의 상위 구조를 활용하고 있다. 그러나 기존의 그래프 일치 방법은 대략적인 계산에 의존하므로 비효율적이며 정확성을 효과적으로 보장할 수 없습니다. 노드 분류 및 그래프 분류에 그래프 컨벌루션 네트워크를 성공적으로 적용한 것에서 영감을 받아 그래프 컨벌루션 네트워크를 기반으로 하는 새로운 악성코드 유사성 측정 방법을 제안합니다. 그래프 임베딩 벡터를 계산하기 위해 그래프 컨벌루션 네트워크를 사용한 다음 두 그래프 임베딩 벡터 사이의 거리를 기반으로 두 그래프의 유사성 측정 기준을 계산합니다. Kaggle 데이터세트에 대한 실험 결과, 우리의 방법은 그래프 기반의 악성코드 유사성 척도 방법에 적용될 수 있으며, 우리의 방법을 이용한 클러스터링 적용의 정확도는 높은 시간 효율성으로 97%에 이른다.
Bing-lin ZHAO
State Key Laboratory of Mathematical Engineering and Advanced Computing
Fu-dong LIU
State Key Laboratory of Mathematical Engineering and Advanced Computing
Zheng SHAN
State Key Laboratory of Mathematical Engineering and Advanced Computing
Yi-hang CHEN
State Key Laboratory of Mathematical Engineering and Advanced Computing
Jian LIU
Nanjing University of Finance and Economics
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
부
Bing-lin ZHAO, Fu-dong LIU, Zheng SHAN, Yi-hang CHEN, Jian LIU, "Graph Similarity Metric Using Graph Convolutional Network: Application to Malware Similarity Match" in IEICE TRANSACTIONS on Information,
vol. E102-D, no. 8, pp. 1581-1585, August 2019, doi: 10.1587/transinf.2018EDL8259.
Abstract: Nowadays, malware is a serious threat to the Internet. Traditional signature-based malware detection method can be easily evaded by code obfuscation. Therefore, many researchers use the high-level structure of malware like function call graph, which is impacted less from the obfuscation, to find the malware variants. However, existing graph match methods rely on approximate calculation, which are inefficient and the accuracy cannot be effectively guaranteed. Inspired by the successful application of graph convolutional network in node classification and graph classification, we propose a novel malware similarity metric method based on graph convolutional network. We use graph convolutional network to compute the graph embedding vectors, and then we calculate the similarity metric of two graph based on the distance between two graph embedding vectors. Experimental results on the Kaggle dataset show that our method can applied to the graph based malware similarity metric method, and the accuracy of clustering application with our method reaches to 97% with high time efficiency.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2018EDL8259/_p
부
@ARTICLE{e102-d_8_1581,
author={Bing-lin ZHAO, Fu-dong LIU, Zheng SHAN, Yi-hang CHEN, Jian LIU, },
journal={IEICE TRANSACTIONS on Information},
title={Graph Similarity Metric Using Graph Convolutional Network: Application to Malware Similarity Match},
year={2019},
volume={E102-D},
number={8},
pages={1581-1585},
abstract={Nowadays, malware is a serious threat to the Internet. Traditional signature-based malware detection method can be easily evaded by code obfuscation. Therefore, many researchers use the high-level structure of malware like function call graph, which is impacted less from the obfuscation, to find the malware variants. However, existing graph match methods rely on approximate calculation, which are inefficient and the accuracy cannot be effectively guaranteed. Inspired by the successful application of graph convolutional network in node classification and graph classification, we propose a novel malware similarity metric method based on graph convolutional network. We use graph convolutional network to compute the graph embedding vectors, and then we calculate the similarity metric of two graph based on the distance between two graph embedding vectors. Experimental results on the Kaggle dataset show that our method can applied to the graph based malware similarity metric method, and the accuracy of clustering application with our method reaches to 97% with high time efficiency.},
keywords={},
doi={10.1587/transinf.2018EDL8259},
ISSN={1745-1361},
month={August},}
부
TY - JOUR
TI - Graph Similarity Metric Using Graph Convolutional Network: Application to Malware Similarity Match
T2 - IEICE TRANSACTIONS on Information
SP - 1581
EP - 1585
AU - Bing-lin ZHAO
AU - Fu-dong LIU
AU - Zheng SHAN
AU - Yi-hang CHEN
AU - Jian LIU
PY - 2019
DO - 10.1587/transinf.2018EDL8259
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E102-D
IS - 8
JA - IEICE TRANSACTIONS on Information
Y1 - August 2019
AB - Nowadays, malware is a serious threat to the Internet. Traditional signature-based malware detection method can be easily evaded by code obfuscation. Therefore, many researchers use the high-level structure of malware like function call graph, which is impacted less from the obfuscation, to find the malware variants. However, existing graph match methods rely on approximate calculation, which are inefficient and the accuracy cannot be effectively guaranteed. Inspired by the successful application of graph convolutional network in node classification and graph classification, we propose a novel malware similarity metric method based on graph convolutional network. We use graph convolutional network to compute the graph embedding vectors, and then we calculate the similarity metric of two graph based on the distance between two graph embedding vectors. Experimental results on the Kaggle dataset show that our method can applied to the graph based malware similarity metric method, and the accuracy of clustering application with our method reaches to 97% with high time efficiency.
ER -