Abstract
New malware emerges every day, and many obfuscation techniques have been developed to help it evade detection. Dynamic malware detection methods based on data flow graphs have attracted much attention because they can cope with obfuscation to a certain extent. Many malware classification methods based on data flow graphs have been proposed. Some of them rely on user-defined features or on the graph similarity of data flow graphs. Graph neural networks have also recently been used for malware classification. This paper provides an overview of current data flow graph-based malware classification methods and summarizes their respective advantages and disadvantages. In addition, the future trend of data flow graph-based malware classification is analyzed, which is of great significance for promoting the development of malware detection technology.
Supported by the National Natural Science Foundation, China (61602279), the Taishan Scholars Program of Shandong Province (No. ts20190936), the Excellent Youth Innovation Team Foundation of Shandong Higher School (2019KJN024), the Postdoctoral Innovation Foundation of Shandong Province (201603056), the Open Foundation of First Institute of Oceanography, China (2018002), and the Distinguished Teachers Training Plan Program of Shandong University of Science and Technology.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Jiang, T., Cui, L., Lin, Z., Lu, F. (2022). A Survey of Malware Classification Methods Based on Data Flow Graph. In: Wang, Y., Zhu, G., Han, Q., Wang, H., Song, X., Lu, Z. (eds) Data Science. ICPCSEE 2022. Communications in Computer and Information Science, vol 1628. Springer, Singapore. https://doi.org/10.1007/978-981-19-5194-7_7
DOI: https://doi.org/10.1007/978-981-19-5194-7_7
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-5193-0
Online ISBN: 978-981-19-5194-7
eBook Packages: Computer Science, Computer Science (R0)