A Malware Detection System Based on Heterogeneous Information Network

In this era of information networks, more and more malware (malicious software) poses a serious threat to security. How to detect malware attacks in a timely and effective manner becomes particularly important. The increasingly sophisticated malware calls for new defense technologies to detect and combat novelty attack and threats. In this paper, we propose a novel malware detection method that not only depends on API calls, further analyze the relationship between them and creates higher-level semantics to avoid attackers evading detection. We construct a heterogeneous information network (HIN) through their rich relationships between software and related APIs, and then use meta-path-based methods to describe the semantic relevance to software and APIs. We use each meta-path to calculate similarities between software and aggregate different similarities with Multi-kernel Learning (MKL) to construct a malware detection system. We collected real sample data and conducted a comprehensive experiment. Through experiments we have obtained a relatively high detection rate and a relatively low false detection rate, shows the effectiveness of our proposed method.