MalPro: Learning on Process-Aware Behaviors for Malware Detection

Cited by: 4
Authors
Chen, Xiaohui [1 ,2 ]
Tong, Ying [3 ]
Du, Chunlai [4 ]
Liu, Yongji [1 ]
Ding, Zhenquan [1 ]
Ran, Qingyun [3 ]
Zhang, Yi [3 ]
Cui, Lei [1 ]
Hao, Zhiyu [1 ]
Affiliations
[1] Chinese Acad Sci, Inst Informat Engn, Beijing, Peoples R China
[2] Univ Chinese Acad Sci, Sch Cyber Secur, Beijing, Peoples R China
[3] Jiangsu Prov Publ Secur Dept, Nanjing, Peoples R China
[4] North China Univ Technol, Sch Informat Sci & Technol, Beijing, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
malware detection; API sequence; run-time argument; process graph; process-aware behavior; deep learning;
DOI
10.1109/ISCC55528.2022.9913030
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Subject classification code
0812;
Abstract
Malware continuously evolves and becomes more and more sophisticated. Learning on execution behavior is proven to be effective for malware detection. In this paper, we present MalPro, a DNN-based malware detection approach that performs learning on process-aware behaviors for Windows programs. It first employs a logistic regression-based weighting method to assess the sensitivity of an API to malicious behavior, and weights the API following run-time arguments with varying degrees of sensitivities. Then, it constructs the process graph of inter-process interactions from which a set of attributes are extracted, for characterizing the relationship of various processes in terms of invoke actions. Finally, it feeds the weighted API sequences and the process graph attributes into the DNN for training a binary classifier to detect malware. Moreover, we have implemented and evaluated MalPro on two datasets. The results demonstrate that our method outperforms naive models, verifying the effectiveness of MalPro.
Pages: 7