Learning Dynamic Malware Representation from Common Behavior | NCCU Academic Hub

Publications-Periodical Articles

Article View/Open

html(136)

Publication Export

Google Scholar^TM

NCCU Library

Discovery System

Citation Infomation

Related Publications in TAIR

Simple Record
Full Record

題名	Learning Dynamic Malware Representation from Common Behavior
作者	蕭舜文 Hsiao, Shun-Wen Huang, Yi-Ting;Chen, Ting-Yi;Sun, Yeali S.
貢獻者	資管系
關鍵詞	deep learning; dynamic analysis; malware behavior analysis; malware family classification; malware representation
日期	2022-11
上傳時間	31-Jan-2023 16:32:55 (UTC+8)
摘要	Malware analysis has been extensively investigated as the number and types of malware has increased dramatically. However, most previous studies use end-to-end systems to detect whether a sample is malicious, or to identify its malware family. In this paper, we introduce a framework composed of two components, RasMMA and RasNN, accounting for common characteristics within a family. While RasMMA extracts the common behaviors of malware, RasNN is designed to pretrain a composition of the common behaviors as malware representation. Different from the end-to-end models, the pretrained malware representation can be fine-tuned with one additional output layer to apply other malware applications, such as family classification. We conduct broad experiments to determine the influence of individual framework components and the feasibility of a task-specific extension model. The results show that the proposed framework outperforms the other baselines, and also demonstrates that learned malware representation can be applied to other cybersecurity application and outperform the existing system.
關聯	Journal of Information Science and Engineering, Vol.38, No.6, pp.1317-1334
資料類型	article
DOI	https://doi.org/10.6688/JISE.202211_38(6).0012

dc.contributor	資管系
dc.creator (作者)	蕭舜文
dc.creator (作者)	Hsiao, Shun-Wen
dc.creator (作者)	Huang, Yi-Ting;Chen, Ting-Yi;Sun, Yeali S.
dc.date (日期)	2022-11
dc.date.accessioned	31-Jan-2023 16:32:55 (UTC+8)	-
dc.date.available	31-Jan-2023 16:32:55 (UTC+8)	-
dc.date.issued (上傳時間)	31-Jan-2023 16:32:55 (UTC+8)	-
dc.identifier.uri (URI)	http://nccur.lib.nccu.edu.tw/handle/140.119/143132	-
dc.description.abstract (摘要)	Malware analysis has been extensively investigated as the number and types of malware has increased dramatically. However, most previous studies use end-to-end systems to detect whether a sample is malicious, or to identify its malware family. In this paper, we introduce a framework composed of two components, RasMMA and RasNN, accounting for common characteristics within a family. While RasMMA extracts the common behaviors of malware, RasNN is designed to pretrain a composition of the common behaviors as malware representation. Different from the end-to-end models, the pretrained malware representation can be fine-tuned with one additional output layer to apply other malware applications, such as family classification. We conduct broad experiments to determine the influence of individual framework components and the feasibility of a task-specific extension model. The results show that the proposed framework outperforms the other baselines, and also demonstrates that learned malware representation can be applied to other cybersecurity application and outperform the existing system.
dc.format.extent	145 bytes	-
dc.format.mimetype	text/html	-
dc.relation (關聯)	Journal of Information Science and Engineering, Vol.38, No.6, pp.1317-1334
dc.subject (關鍵詞)	deep learning; dynamic analysis; malware behavior analysis; malware family classification; malware representation
dc.title (題名)	Learning Dynamic Malware Representation from Common Behavior
dc.type (資料類型)	article
dc.identifier.doi (DOI)	10.6688/JISE.202211_38(6).0012
dc.doi.uri (DOI)	https://doi.org/10.6688/JISE.202211_38(6).0012