Heterogeneous Graph Matching Networks for Unknown Malware Detection

Publication Date: 8/16/2019

Event: The 28th International Joint Conference on Artificial Intelligence (IJCAI 2019)

Reference: pp. 3762-3770, 2019

Authors: Shen Wang, NEC Laboratories America, Inc.; University of Illinois at Chicago; Zhengzhang Chen, NEC Laboratories America, Inc.; Xiao Yu, NEC Laboratories America, Inc.; Ding Li, NEC Laboratories America, Inc.; Jingchao Ni, NEC Laboratories America, Inc.; Lu-An Tang, NEC Laboratories America, Inc.; Jiaping Gui, NEC Laboratories America, Inc.; Zhichun Li, NEC Laboratories America, Inc.; Haifeng Chen, NEC Laboratories America, Inc.; Philips Yu, University of Illinois at Chicago

Abstract: Information systems have widely been the target of malware attacks. Traditional signature-based malicious program detection algorithms can only detect known malware and are prone to evasion techniques such as binary obfuscation, while behavior-based approaches highly rely on the malware training samples and incur prohibitively high training cost. To address the limitations of existing techniques, we propose MatchGNet, a heterogeneous Graph Matching Network model to learn the graph representation and similarity metric simultaneously based on the invariant graph modeling of the program’s execution behaviors. We conduct a systematic evaluation of our model and show that it is accurate in detecting malicious program behavior and can help detect malware attacks with less false positives. MatchGNet outperforms the state-of-the-art algorithms in malware detection by generating 50% less false positives while keeping zero false negatives.

Publication Link: https://www.ijcai.org/proceedings/2019/522