Result: BejaGNN: behavior-based Java malware detection via graph neural network.

Title:
BejaGNN: behavior-based Java malware detection via graph neural network.
Authors:
Feng P; School of Cyber Engineering, Xidian University, Xi'an, 710071 Shaanxi China., Yang L; School of Computer Science & Technology, Xidian University, Xi'an, 710071 Shaanxi China., Lu D; School of Computer Science & Technology, Xidian University, Xi'an, 710071 Shaanxi China., Xi N; School of Cyber Engineering, Xidian University, Xi'an, 710071 Shaanxi China., Ma J; School of Cyber Engineering, Xidian University, Xi'an, 710071 Shaanxi China.
Source:
The Journal of supercomputing [J Supercomput] 2023 Apr 17, pp. 1-25. Date of Electronic Publication: 2023 Apr 17.
Publication Model:
Ahead of Print
Publication Type:
Journal Article
Language:
English
Journal Info:
Publisher: Kluwer Academic Publishers Country of Publication: United States NLM ID: 9889997 Publication Model: Print-Electronic Cited Medium: Print ISSN: 0920-8542 (Print) Linking ISSN: 09208542 NLM ISO Abbreviation: J Supercomput
Imprint Name(s):
Original Publication: Boston : Kluwer Academic Publishers, 1987-
Contributed Indexing:
Keywords: Graph neural network; ICFG; Java malware detection; Word embedding
Entry Date(s):
Date Created: 20230626 Latest Revision: 20230928
Update Code:
20250114
PubMed Central ID:
PMC10109236
DOI:
10.1007/s11227-023-05243-x
PMID:
37359339
Database:
MEDLINE

Further information

As a popular platform-independent language, Java is widely used in enterprise applications. In the past few years, language vulnerabilities exploited by Java malware have become increasingly prevalent, posing threats across multiple platforms. Security researchers continuously propose various approaches for fighting Java malware programs. The low code path coverage and poor execution efficiency of dynamic analysis limit the large-scale application of dynamic Java malware detection methods. Therefore, researchers turn to extracting abundant static features to implement efficient malware detection. In this paper, we explore the direction of capturing malware semantic information by using graph learning algorithms and present BejaGNN (Behavior-based Java malware detection via Graph Neural Network), a novel behavior-based Java malware detection method using static analysis, word embedding techniques, and a graph neural network. Specifically, BejaGNN leverages static analysis techniques to extract ICFGs (Inter-procedural Control Flow Graphs) from Java program files and then prunes these ICFGs to remove noisy instructions. Then, word embedding techniques are adopted to learn semantic representations for Java bytecode instructions. Finally, BejaGNN builds a graph neural network classifier to determine the maliciousness of Java programs. Experimental results on a public Java bytecode benchmark demonstrate that BejaGNN achieves a high F1 score of 98.8% and is superior to existing Java malware detection approaches, which verifies the promise of graph neural networks in Java malware detection.
(© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2023, Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.)

Conflict of interest: The authors declare that there are no conflicts of interest regarding the publication of this article. All authors have contributed to, read, and approved this submitted manuscript in its current form. The authors declare that they have no competing financial interests.