Learning Dynamic Malware Representation From Common Behavior
Journal
Journal of Information Science and Engineering
Journal Volume
38
Journal Issue
6
Pages
1317-1334
Date Issued
2022-11
Author(s)
Abstract
Malware analysis has been extensively investigated as the number and types of malware have increased dramatically. However, most previous studies use end-to-end systems to detect whether a sample is malicious, or to identify its malware family. In this paper, we introduce a framework composed of two components, RasMMA and RasNN, accounting for common characteristics within a family. While RasMMA extracts the common behaviors of malware, RasNN is designed to pretrain a composition of the common behaviors as a malware representation. Unlike end-to-end models, the pre-trained malware representation can be fine-tuned with one additional output layer for use in other malware applications, such as family classification. We conduct broad experiments to determine the influence of individual framework components and the feasibility of a task-specific extension model. The results show that the proposed framework outperforms the other baselines, and also demonstrate that the learned malware representation can be applied to other cybersecurity applications and outperform the existing system.
Subjects
deep learning | dynamic analysis | malware behavior analysis | malware family classification | malware representation
Publisher
Institute of Information Science
Type
journal article
