【Author】 Zheng, Rui; Wang, Qiuyun; He, Jia; Fu, Jianming; Suri, Guga; Jiang, Zhengwei
【Source】SECURITY AND COMMUNICATION NETWORKS
【Abstract】Miner malware has been steadily increasing in recent years as the value of cryptocurrency rises, which poses a considerable threat to users' device security. Miner malware has obvious behavior patterns because it must participate in blockchain computing. However, most miner malware detection methods use raw byte features and sequential opcodes as detection features. It is difficult for these methods to obtain better detection results because they do not model robust features. In this paper, a miner malware identification method based on a graph classification network, called MBGINet, is designed by analyzing the features of the function call graph and control flow graph of miner malware. MBGINet can model the behavior graph relationship of miner malware by extracting the connection features of critical nodes in the behavior graph. Finally, MBGINet transforms these node features into the feature vectors of the graph for miner malware identification. In the test experiments, datasets with different volumes are used to simulate real-world scenarios. The experimental results show that the MBGINet method achieves a leading and stable performance compared to the dedicated opcode detection method and obtains an accuracy improvement of 3.08% on the simulated in-the-wild dataset. Meanwhile, MBGINet gains an advantage over the general malware detection method MalConv. These experimental results demonstrate the superiority of the MBGINet method, which has excellent characteristics in adapting to realistic scenarios.
【Keywords】
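【Publication Date】2022
【Indexed Date】2022-09-19
【Document Type】Article
【Paper Main Topic】On-chain data analysis
【Paper Subtopic】Abnormal transaction behavior detection
【Impact Factor】1.968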