Title Attention-Enhanced Graph Convolution Network for Malware Family Feature Extraction and Embedding
Author 蕭舜文
Hsiao, Shun-Wen; Chu, Po-Yu
Contributor Department of Management Information Systems
Keywords Graph Neural Network; Attention; Sequential Data; Markov Model
Date 2025-10
Upload time 24-Sep-2025 09:54:18 (UTC+8)
Abstract Understanding malware from its dynamic API call sequence is non-trivial, since the length of a call sequence might be long and the important calls might be neglected by human beings. In addition, malware call sequences are unstructured, text-based, and variable-length with semantics, making it more challenging to perform downstream analysis tasks. Unlike natural language, a call sequence may contain programming-related properties and structures, such as loops and repeated calls; therefore, this paper considers the sequence structure for analysis. In this paper, we design an Attention-Enhanced Graph Convolution Network (AEGCN) with a Markov model to learn the structure of malware call sequences for representation learning and to pinpoint the important calls in the sequence. The design of AEGCN preserves the structure of call sequences using a Markov model and adopts a customized attention structure on GCN for analysis. The proposed attention mechanism can affect the information propagation in the graph for feature extraction purposes. In real-world malware experiments, AEGCN’s sequence embeddings outperform text embedding methods and conventional GNN models in malware family classification tasks. We perform ablation experiments to examine the effectiveness of the new attention mechanisms. We also visualize the attention weight of each call to manifest its importance for the malware family classification task. That is, we can extract the features of a malware family from its unstructured call sequences to better understand the family behavior.
Relation IEEE Transactions on Network and Service Management, Vol. 22, No. 5, pp.4222-4238
Type article
DOI https://doi.org/10.1109/TNSM.2025.3596134
dc.contributor Department of Management Information Systems
dc.creator (Author) 蕭舜文
dc.creator (Author) Hsiao, Shun-Wen; Chu, Po-Yu
dc.date (Date) 2025-10
dc.date.accessioned 24-Sep-2025 09:54:18 (UTC+8)
dc.date.available 24-Sep-2025 09:54:18 (UTC+8)
dc.date.issued (Upload time) 24-Sep-2025 09:54:18 (UTC+8)
dc.identifier.uri (URI) https://nccur.lib.nccu.edu.tw/handle/140.119/159650
dc.format.extent 105 bytes
dc.format.mimetype text/html
dc.relation (Relation) IEEE Transactions on Network and Service Management, Vol. 22, No. 5, pp.4222-4238
dc.subject (Keywords) Graph Neural Network; Attention; Sequential Data; Markov Model
dc.title (Title) Attention-Enhanced Graph Convolution Network for Malware Family Feature Extraction and Embedding
dc.type (Type) article
dc.identifier.doi (DOI) 10.1109/TNSM.2025.3596134
dc.doi.uri (DOI) https://doi.org/10.1109/TNSM.2025.3596134