Directional Graph Transformer-Based Control Flow Embedding for Malware Classification

Hyung Jun Moon; Seok Jun Bu; Sung Bae Cho

doi:10.1007/978-3-030-91608-4_42

Directional Graph Transformer-Based Control Flow Embedding for Malware Classification

Hyung Jun Moon, Seok Jun Bu, Sung Bae Cho

College of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Considering the fatality of malware attacks, the data-driven approach using massive malware observations has been verified. Deep learning-based approaches to learn the unified features by exploiting the local and sequential nature of control flow graph achieved the best performance. However, only considering local and sequential information from graph-based malware representation is not enough to model the semantics, such as structural and functional nature of malware. In this paper, functional nature are combined to the control flow graph by adding opcodes, and structural nature is embedded through DeepWalk algorithm. Subsequently, we propose the transformer-based malware control flow embedding to overcome the difficulty in modeling the long-term control flow and to selectively learn the code embeddings. Extensive experiments achieved performance improvement compared to the latest deep learning-based graph embedding methods, and in a 37.50% improvement in recall was confirmed for the Simda botnet attack.

Original language	English
Title of host publication	Intelligent Data Engineering and Automated Learning - 22nd International Conference, IDEAL 2021, Proceedings
Editors	David Camacho, Peter Tino, Richard Allmendinger, Hujun Yin, Antonio J. Tallón-Ballesteros, Ke Tang, Sung-Bae Cho, Paulo Novais, Susana Nascimento
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	426-436
Number of pages	11
ISBN (Print)	9783030916077
DOIs	https://doi.org/10.1007/978-3-030-91608-4_42
Publication status	Published - 2021
Event	22nd International Conference on Intelligent Data Engineering and Automated Learning, IDEAL 2021 - Virtual, Online Duration: 2021 Nov 25 → 2021 Nov 27

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13113 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	22nd International Conference on Intelligent Data Engineering and Automated Learning, IDEAL 2021
City	Virtual, Online
Period	21/11/25 → 21/11/27

Bibliographical note

Funding Information:
Acknowledgment. This work was supported by an IITP grant funded by the Korean government (MSIT) (No. 2020-0-01361, Artificial Intelligence Graduate School Program (Yonsei University)) and Air Force Defense Research Sciences Program funded by Air Force Office of Scientific Research.

Publisher Copyright:
© 2021, Springer Nature Switzerland AG.

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-91608-4_42

Cite this

Moon, H. J., Bu, S. J., & Cho, S. B. (2021). Directional Graph Transformer-Based Control Flow Embedding for Malware Classification. In D. Camacho, P. Tino, R. Allmendinger, H. Yin, A. J. Tallón-Ballesteros, K. Tang, S-B. Cho, P. Novais, & S. Nascimento (Eds.), Intelligent Data Engineering and Automated Learning - 22nd International Conference, IDEAL 2021, Proceedings (pp. 426-436). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13113 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-91608-4_42

Moon, Hyung Jun ; Bu, Seok Jun ; Cho, Sung Bae. / Directional Graph Transformer-Based Control Flow Embedding for Malware Classification. Intelligent Data Engineering and Automated Learning - 22nd International Conference, IDEAL 2021, Proceedings. editor / David Camacho ; Peter Tino ; Richard Allmendinger ; Hujun Yin ; Antonio J. Tallón-Ballesteros ; Ke Tang ; Sung-Bae Cho ; Paulo Novais ; Susana Nascimento. Springer Science and Business Media Deutschland GmbH, 2021. pp. 426-436 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{bb1e003e6ea74bb08d0d9125404580ed,

title = "Directional Graph Transformer-Based Control Flow Embedding for Malware Classification",

abstract = "Considering the fatality of malware attacks, the data-driven approach using massive malware observations has been verified. Deep learning-based approaches to learn the unified features by exploiting the local and sequential nature of control flow graph achieved the best performance. However, only considering local and sequential information from graph-based malware representation is not enough to model the semantics, such as structural and functional nature of malware. In this paper, functional nature are combined to the control flow graph by adding opcodes, and structural nature is embedded through DeepWalk algorithm. Subsequently, we propose the transformer-based malware control flow embedding to overcome the difficulty in modeling the long-term control flow and to selectively learn the code embeddings. Extensive experiments achieved performance improvement compared to the latest deep learning-based graph embedding methods, and in a 37.50% improvement in recall was confirmed for the Simda botnet attack.",

author = "Moon, {Hyung Jun} and Bu, {Seok Jun} and Cho, {Sung Bae}",

note = "Funding Information: Acknowledgment. This work was supported by an IITP grant funded by the Korean government (MSIT) (No. 2020-0-01361, Artificial Intelligence Graduate School Program (Yonsei University)) and Air Force Defense Research Sciences Program funded by Air Force Office of Scientific Research. Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 22nd International Conference on Intelligent Data Engineering and Automated Learning, IDEAL 2021 ; Conference date: 25-11-2021 Through 27-11-2021",

year = "2021",

doi = "10.1007/978-3-030-91608-4_42",

language = "English",

isbn = "9783030916077",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "426--436",

editor = "David Camacho and Peter Tino and Richard Allmendinger and Hujun Yin and Tall{\'o}n-Ballesteros, {Antonio J.} and Ke Tang and Sung-Bae Cho and Paulo Novais and Susana Nascimento",

booktitle = "Intelligent Data Engineering and Automated Learning - 22nd International Conference, IDEAL 2021, Proceedings",

address = "Germany",

}

Moon, HJ, Bu, SJ & Cho, SB 2021, Directional Graph Transformer-Based Control Flow Embedding for Malware Classification. in D Camacho, P Tino, R Allmendinger, H Yin, AJ Tallón-Ballesteros, K Tang, S-B Cho, P Novais & S Nascimento (eds), Intelligent Data Engineering and Automated Learning - 22nd International Conference, IDEAL 2021, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13113 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 426-436, 22nd International Conference on Intelligent Data Engineering and Automated Learning, IDEAL 2021, Virtual, Online, 21/11/25. https://doi.org/10.1007/978-3-030-91608-4_42

Directional Graph Transformer-Based Control Flow Embedding for Malware Classification. / Moon, Hyung Jun; Bu, Seok Jun; Cho, Sung Bae.

Intelligent Data Engineering and Automated Learning - 22nd International Conference, IDEAL 2021, Proceedings. ed. / David Camacho; Peter Tino; Richard Allmendinger; Hujun Yin; Antonio J. Tallón-Ballesteros; Ke Tang; Sung-Bae Cho; Paulo Novais; Susana Nascimento. Springer Science and Business Media Deutschland GmbH, 2021. p. 426-436 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13113 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Directional Graph Transformer-Based Control Flow Embedding for Malware Classification

AU - Moon, Hyung Jun

AU - Bu, Seok Jun

AU - Cho, Sung Bae

N1 - Funding Information: Acknowledgment. This work was supported by an IITP grant funded by the Korean government (MSIT) (No. 2020-0-01361, Artificial Intelligence Graduate School Program (Yonsei University)) and Air Force Defense Research Sciences Program funded by Air Force Office of Scientific Research. Publisher Copyright: © 2021, Springer Nature Switzerland AG.

PY - 2021

Y1 - 2021

N2 - Considering the fatality of malware attacks, the data-driven approach using massive malware observations has been verified. Deep learning-based approaches to learn the unified features by exploiting the local and sequential nature of control flow graph achieved the best performance. However, only considering local and sequential information from graph-based malware representation is not enough to model the semantics, such as structural and functional nature of malware. In this paper, functional nature are combined to the control flow graph by adding opcodes, and structural nature is embedded through DeepWalk algorithm. Subsequently, we propose the transformer-based malware control flow embedding to overcome the difficulty in modeling the long-term control flow and to selectively learn the code embeddings. Extensive experiments achieved performance improvement compared to the latest deep learning-based graph embedding methods, and in a 37.50% improvement in recall was confirmed for the Simda botnet attack.

AB - Considering the fatality of malware attacks, the data-driven approach using massive malware observations has been verified. Deep learning-based approaches to learn the unified features by exploiting the local and sequential nature of control flow graph achieved the best performance. However, only considering local and sequential information from graph-based malware representation is not enough to model the semantics, such as structural and functional nature of malware. In this paper, functional nature are combined to the control flow graph by adding opcodes, and structural nature is embedded through DeepWalk algorithm. Subsequently, we propose the transformer-based malware control flow embedding to overcome the difficulty in modeling the long-term control flow and to selectively learn the code embeddings. Extensive experiments achieved performance improvement compared to the latest deep learning-based graph embedding methods, and in a 37.50% improvement in recall was confirmed for the Simda botnet attack.

UR - http://www.scopus.com/inward/record.url?scp=85126431246&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85126431246&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-91608-4_42

DO - 10.1007/978-3-030-91608-4_42

M3 - Conference contribution

AN - SCOPUS:85126431246

SN - 9783030916077

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 426

EP - 436

BT - Intelligent Data Engineering and Automated Learning - 22nd International Conference, IDEAL 2021, Proceedings

A2 - Camacho, David

A2 - Tino, Peter

A2 - Allmendinger, Richard

A2 - Yin, Hujun

A2 - Tallón-Ballesteros, Antonio J.

A2 - Tang, Ke

A2 - Cho, Sung-Bae

A2 - Novais, Paulo

A2 - Nascimento, Susana

PB - Springer Science and Business Media Deutschland GmbH

T2 - 22nd International Conference on Intelligent Data Engineering and Automated Learning, IDEAL 2021

Y2 - 25 November 2021 through 27 November 2021

ER -

Moon HJ, Bu SJ, Cho SB. Directional Graph Transformer-Based Control Flow Embedding for Malware Classification. In Camacho D, Tino P, Allmendinger R, Yin H, Tallón-Ballesteros AJ, Tang K, Cho S-B, Novais P, Nascimento S, editors, Intelligent Data Engineering and Automated Learning - 22nd International Conference, IDEAL 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. p. 426-436. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-91608-4_42

Directional Graph Transformer-Based Control Flow Embedding for Malware Classification

Abstract

Publication series

Conference

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this