學術產出-期刊論文

文章檢視/開啟

書目匯出

Google ScholarTM

政大圖書館

引文資訊

TAIR相關學術產出

題名 Learning Dynamic Malware Representation from Common Behavior
作者 蕭舜文
Hsiao, Shun-Wen
Huang, Yi-Ting;Chen, Ting-Yi;Sun, Yeali S.
貢獻者 資管系
關鍵詞 deep learning; dynamic analysis; malware behavior analysis; malware family classification; malware representation
日期 2022-11
上傳時間 31-一月-2023 16:32:55 (UTC+8)
摘要 Malware analysis has been extensively investigated as the number and types of malware has increased dramatically. However, most previous studies use end-to-end systems to detect whether a sample is malicious, or to identify its malware family. In this paper, we introduce a framework composed of two components, RasMMA and RasNN, accounting for common characteristics within a family. While RasMMA extracts the common behaviors of malware, RasNN is designed to pretrain a composition of the common behaviors as malware representation. Different from the end-to-end models, the pretrained malware representation can be fine-tuned with one additional output layer to apply other malware applications, such as family classification. We conduct broad experiments to determine the influence of individual framework components and the feasibility of a task-specific extension model. The results show that the proposed framework outperforms the other baselines, and also demonstrates that learned malware representation can be applied to other cybersecurity application and outperform the existing system.
關聯 Journal of Information Science and Engineering, Vol.38, No.6, pp.1317-1334
資料類型 article
DOI https://doi.org/10.6688/JISE.202211_38(6).0012
dc.contributor 資管系
dc.creator (作者) 蕭舜文
dc.creator (作者) Hsiao, Shun-Wen
dc.creator (作者) Huang, Yi-Ting;Chen, Ting-Yi;Sun, Yeali S.
dc.date (日期) 2022-11
dc.date.accessioned 31-一月-2023 16:32:55 (UTC+8)-
dc.date.available 31-一月-2023 16:32:55 (UTC+8)-
dc.date.issued (上傳時間) 31-一月-2023 16:32:55 (UTC+8)-
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/143132-
dc.description.abstract (摘要) Malware analysis has been extensively investigated as the number and types of malware has increased dramatically. However, most previous studies use end-to-end systems to detect whether a sample is malicious, or to identify its malware family. In this paper, we introduce a framework composed of two components, RasMMA and RasNN, accounting for common characteristics within a family. While RasMMA extracts the common behaviors of malware, RasNN is designed to pretrain a composition of the common behaviors as malware representation. Different from the end-to-end models, the pretrained malware representation can be fine-tuned with one additional output layer to apply other malware applications, such as family classification. We conduct broad experiments to determine the influence of individual framework components and the feasibility of a task-specific extension model. The results show that the proposed framework outperforms the other baselines, and also demonstrates that learned malware representation can be applied to other cybersecurity application and outperform the existing system.
dc.format.extent 145 bytes-
dc.format.mimetype text/html-
dc.relation (關聯) Journal of Information Science and Engineering, Vol.38, No.6, pp.1317-1334
dc.subject (關鍵詞) deep learning; dynamic analysis; malware behavior analysis; malware family classification; malware representation
dc.title (題名) Learning Dynamic Malware Representation from Common Behavior
dc.type (資料類型) article
dc.identifier.doi (DOI) 10.6688/JISE.202211_38(6).0012
dc.doi.uri (DOI) https://doi.org/10.6688/JISE.202211_38(6).0012