TI-MVD: A temporal interaction-enhanced model for malware variants detection

Advanced malware variants attacks have been posing catastrophes to the cyber ecosystem. However, existing malware variants detection methods are feeble for detecting the advanced malware variants due to the twofold flaws. First, most detection methods focus on analyzing the isolated features instead of investigating the meaningful contextual interactions between fine-grained malware entities, resulting in poor performance. Second, the existing graph-based detection approaches are incapable of leveraging the temporal dependence information between execution behaviors to capture the malicious evolutionary patterns and incur expensive time costs when traversing vast invalid paths. To overcome these limitations, this paper proposes TI-MVD, a temporal interaction-enhanced malware variants detection framework. TI-MVD models the fine-grained malware objects with a temporal heterogeneous graph, which can simultaneously leverage the temporal and structural embedding features to detect malware variants. Concretely, a novel end-to-end interaction-enhanced embedding approach is proposed to learn the structural embedding, which is capable of incorporating explicit and implicit interactive information between node pairs to boost detection effectiveness. Meanwhile, a strong-correlated clique method exploiting two coupled GRUs is presented to handle the temporal interactions in a parallel manner, which can drastically reduce the time cost of temporal embedding. Experimental results on four real-world datasets demonstrate that our proposed TI-MVD outperforms the state-of-the-art methods by a large margin.

Automated summary

This paper proposes a temporal interaction-enhanced malware variants detection framework called TI-MVD, which utilizes temporal and structural embedding features to detect malware variants. It introduces a novel end-to-end interaction-enhanced embedding approach to learn the structural embedding and a strong-correlated clique method to handle temporal interactions in parallel, reducing the time cost of temporal embedding. Experimental results on four real-world datasets show that TI-MVD outperforms state-of-the-art methods significantly.