With the rapid iteration and mutation of malware, traditional detection methods face great challenges, especially the limitation of single-feature detection leads to insufficient accuracy. In this paper, we propose a malware detection method based on Heterogeneous Dual Branch Neural Network (MalHdb), by converting malware binaries into grayscale graphs and extracting static API sequences. It incorporates global features and behavioral features for comprehensive analysis. The grayscale graph can captures the overall structural features of the malware, and its structure remains largely unchanged even with minor code modifications, thereby effectively detect the malware and its variants. Meanwhile, the static API sequences can reflect the potential behavioral intent of the malware at the code level by extracting the list of API functions it may invoke. Experimental results indicate that the method significantly improves the detection accuracy and the F1 score across various datasets, effectively tackling the detection challenges of malware variants. In addition, this paper establishes the optimal ratio of the dual branch output dimensions via grid search and verifies the effectiveness of the model through ablation experiments. Future work will concentrate on refining the detection of obfuscation techniques and further bolstering the robustness of the model to counteract increasingly sophisticated malware attacks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

MalHdb:Malware Detection Based on Heterogeneous Dual-Branch Neural Networks

  • Yiming Li,
  • Meichen Liu,
  • Nan Li,
  • Meimei Li,
  • Chao Liu

摘要

With the rapid iteration and mutation of malware, traditional detection methods face great challenges, especially the limitation of single-feature detection leads to insufficient accuracy. In this paper, we propose a malware detection method based on Heterogeneous Dual Branch Neural Network (MalHdb), by converting malware binaries into grayscale graphs and extracting static API sequences. It incorporates global features and behavioral features for comprehensive analysis. The grayscale graph can captures the overall structural features of the malware, and its structure remains largely unchanged even with minor code modifications, thereby effectively detect the malware and its variants. Meanwhile, the static API sequences can reflect the potential behavioral intent of the malware at the code level by extracting the list of API functions it may invoke. Experimental results indicate that the method significantly improves the detection accuracy and the F1 score across various datasets, effectively tackling the detection challenges of malware variants. In addition, this paper establishes the optimal ratio of the dual branch output dimensions via grid search and verifies the effectiveness of the model through ablation experiments. Future work will concentrate on refining the detection of obfuscation techniques and further bolstering the robustness of the model to counteract increasingly sophisticated malware attacks.