HawkEye: Cross-Platform Malware Detection with Representation Learning on Graphs

Peng Xu, Youyi Zhang, Claudia Eckert, Apostolis Zarras

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

Abstract

Malicious software, widely known as malware, is one of the biggest threats to our interconnected society. Cybercriminals can utilize malware to carry out their nefarious tasks. To address this issue, analysts have developed systems that can prevent malware from successfully infecting a machine. Unfortunately, these systems come with two significant limitations. First, they frequently target one specific platform/architecture, and thus, they cannot be ubiquitous. Second, code obfuscation techniques used by malware authors can negatively influence their performance. In this paper, we design and implement HawkEye, a control-flow-graph-based cross-platform malware detection system, to tackle the problems mentioned above. In more detail, HawkEye utilizes a graph neural network to convert the control flow graphs of executables to vectors with the trainable instruction embedding and then uses a machine-learning-based classifier to create a malware detection system. We evaluate HawkEye by testing real samples on different platforms and operating systems, including Linux (x86, x64, and ARM-32), Windows (x86 and x64), and Android. The results outperform most of the existing works with an accuracy of 96.82% on Linux, 93.39% on Windows, and 99.6% on Android. To the best of our knowledge, HawkEye is the first approach to consider graph neural networks in the malware detection field, utilizing natural language processing.

Original language: English
Title of host publication: Artificial Neural Networks and Machine Learning – ICANN 2021
Subtitle of host publication: 30th International Conference on Artificial Neural Networks, Proceedings
Editors: Igor Farkaš, Paolo Masulli, Sebastian Otte, Stefan Wermter
Place of Publication: Cham
Publisher: Springer
Pages: 127-138
Number of pages: 12
Volume: 12893
ISBN (Electronic): 978-3-030-86365-4
ISBN (Print): 978-3-030-86364-7
Publication status: Published - 2021
Event: 30th International Conference on Artificial Neural Networks, ICANN 2021 - Virtual, Online at Bratislava, Slovakia
Duration: 14 Sep 2021 to 17 Sep 2021

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer
Volume: 12893
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 30th International Conference on Artificial Neural Networks, ICANN 2021
Country/Territory: Slovakia
City: Virtual, Online at Bratislava
Period: 14/09/21 to 17/09/21
