Malware Classification Method Based on Knowledge Graph Enhancement (基于知识图谱增强的恶意代码分类方法)

Abstract: Malware classification methods that rely on application programming interface (API) sequences suffer from weak feature description ability and the loss of call relations. To address this, a malware classification method based on knowledge graph enhancement is proposed. First, the API entities contained in malware and their call relations are extracted from the function call graph, and a malware API knowledge graph is constructed on that basis. Second, Word2Vec is used to compute API sequence vectors that carry the contextual call semantics, and TransE is used to learn the API entity vectors in the API knowledge graph; the fusion of these two vectors serves as the API feature. Finally, the APIs contained in each malware sample are represented as a feature matrix and fed into TextCNN to train the classification model. In the malware family classification task, the proposed method improves accuracy considerably over the baseline models, reaching 93.8%, which shows that a knowledge graph can effectively enhance malware family classification. An explainability experiment further confirms the practical value of the method.
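The first step of the method, extracting API entities and call relations from a function call graph and turning them into knowledge-graph triples, as an added illustration that is not the paper's code. The call graph is a constructed toy sample, and the relation names (`next_call`, `belongs_to`) and the inlining rule are assumptions, since the paper's extraction rules are not given on this page.

```python
# Added example, not the paper's code: build a malware API knowledge graph from
# a function call graph (the method's first step). The call graph is a
# constructed toy sample; the relation names and the inlining rule are
# assumptions, since the paper's extraction rules are not given here.

# Imported Windows API names are the API entities; everything else in the
# call graph is an internal function of the sample.
API_ENTITIES = {"InternetOpenA", "InternetReadFile", "CreateFileW",
                "WriteFile", "CloseHandle", "RegSetValueExW"}

# Function call graph: caller -> callees in order of appearance.
CALL_GRAPH = {
    "start": ["init_net", "drop_payload", "persist"],
    "init_net": ["InternetOpenA", "InternetReadFile"],
    "drop_payload": ["CreateFileW", "write_loop", "CloseHandle"],
    "write_loop": ["WriteFile", "write_loop"],  # recursive: walk must terminate
    "persist": ["RegSetValueExW"],
}


def api_sequence(call_graph, entry, api_entities):
    """Depth-first walk from the entry point that inlines internal calls and
    emits API entities in call order; functions already on the current path
    are skipped so recursion terminates. This is the sequence Word2Vec is
    trained on."""
    seq = []

    def walk(func, path):
        for callee in call_graph.get(func, []):
            if callee in api_entities:
                seq.append(callee)
            elif callee not in path:
                walk(callee, path | {callee})

    walk(entry, {entry})
    return seq


def build_triples(labelled_sequences):
    """Turn (family, api_sequence) pairs into (head, relation, tail) triples:
    next_call keeps the call relation that a bag-of-APIs view loses, and
    belongs_to links each API entity to the family it was observed in.
    TransE learns the API entity vectors from these triples."""
    triples = set()
    for family, seq in labelled_sequences:
        triples.update((a, "next_call", b) for a, b in zip(seq, seq[1:]))
        triples.update((a, "belongs_to", family) for a in seq)
    return triples
```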

Keywords: malware; API sequence; semantic extraction; knowledge graph; explainability

Authors: 夏冰, 何取东, 刘文博, 楚世豪, 庞建民

Affiliations:
Institute of Frontier Information Technology, Zhongyuan University of Technology, Zhengzhou, Henan 450007
Henan Key Laboratory of Network Public Opinion Monitoring and Intelligent Analysis, Zhengzhou, Henan 450007
State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, Henan 450001

Year: 2025

Journal: Journal of Zhengzhou University (Natural Science Edition) (郑州大学学报(理学版))
Publisher: Zhengzhou University (郑州大学)

Indexing: PKU Core Journal (北大核心)
Impact factor: 0.437
ISSN: 1671-6841
Year, volume (issue): 2025, 57(2)