EII-MBS: Malware family classification via enhanced adversarial instruction behavior semantic learning. Issue 122 (November 2022)
- Record Type:
- Journal Article
- Title:
- EII-MBS: Malware family classification via enhanced adversarial instruction behavior semantic learning. Issue 122 (November 2022)
- Main Title:
- EII-MBS: Malware family classification via enhanced adversarial instruction behavior semantic learning
- Authors:
- Hao, Jingwei
Luo, Senlin
Pan, Limin
- Abstract:
- Given the ever-increasing number of malware variants, detecting malware families is crucial. However, the operand semantics of assembly instructions are strongly related to the operating environment and are difficult to extract. This leads to the lack of instruction semantics and the difficulty in correctly classifying malware variants. At the same time, previous research does not mine the internal structural features of the instructions and the contextual relationships between them. This makes it difficult to efficiently identify virus variants. With this as motivation, this article presents a malware family classification method called EII-MBS (enhanced instruction-level behavior semantics learning). By abstracting the types of operands, the semantics of the operands are separated from the constraints of the operating environment. After this, the structure, relationship, and context information of the instructions are fully mined, and these three aspects of instruction behavior semantics are embedded into a vector representation for the subsequent building of malware feature images. Furthermore, our method creates channel attention for capturing important features. In addition to the widely used Microsoft Malware Classification Challenge dataset, we take the lead in conducting experiments on the recently made available BODMAS dataset. The average accuracy rates of EII-MBS are 99.40% and 99.26% on the two datasets, respectively. Further experiments on different proportions of training datasets and testing datasets show that our method achieves state-of-the-art malware family classification performance.
- Is Part Of:
- Computers & security. Issue 122(2022)
- Journal:
- Computers & security
- Issue:
- Issue 122(2022)
- Issue Display:
- Volume 122, Issue 122 (2022)
- Year:
- 2022
- Volume:
- 122
- Issue:
- 122
- Issue Sort Value:
- 2022-0122-0122-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-11
- Subjects:
- Malware family classification -- Behavior semantics -- Visualization -- Instruction embedding -- Channel attention
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2022.102905
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 23874.xml