Sequential opcode embedding-based malware detection method

Kakisim A. G., Gulmez S., Sogukpinar I.

Computers and Electrical Engineering, cilt.98, 2022 (SCI-Expanded) identifier identifier

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 98
  • Basım Tarihi: 2022
  • Doi Numarası: 10.1016/j.compeleceng.2022.107703
  • Dergi Adı: Computers and Electrical Engineering
  • Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, Aerospace Database, Applied Science & Technology Source, Communication Abstracts, Computer & Applied Sciences, INSPEC, Metadex, zbMATH, Civil Engineering Abstracts
  • Anahtar Kelimeler: Malware detection, Opcode sequence, Embedding, Random walk, Static analysis, Opcode graph, CLASSIFICATION
  • Kocaeli Üniversitesi Adresli: Hayır

Özet

© 2022In recent years, researchers have focused on uncovering the distinctive malicious patterns of malware samples through opcode sequences using some feature learning methods to improve the accuracy of malware detection mechanisms. However, opcode sequences are often very long. Thus, the feature learning process is to be time-consuming when using the entire sequence or could be ineffective when only a partial part of the sequence is used. In this work, we propose a new malware detection approach, called Sequential Opcode Embedding-based Malware Detection (SOEMD), which aims at capturing common malicious patterns in sequential opcodes. To avoid dealing with the long opcode sequences, SOEMD uses Random walk approach with edge and node selection processes. The proposed method constructs a new vector space that consists of low-dimensional sequential opcode embeddings using an embedding method. Experimental results demonstrate that SOEMD outperforms the baseline methods and provides 100% malware detection.