http://dx.doi.org/10.7471/ikeee.2021.25.3.451

Generating Call Graph for PE file  

Kim, DaeYoub (Dept. of Information Security, Suwon University)
Publication Information
Journal of IKEEE / v.25, no.3, 2021, pp. 451-461
Abstract
As smart devices proliferate and the damage caused by malicious code grows more serious, malware detection based on machine learning is attracting attention. However, if the training data is built only from fragmentary characteristics of the code, it remains easy to create variants and new malicious code that evade detection. To address this problem, research that uses the function call relationships of malicious code as training data is attracting attention. In particular, measuring graph similarity with a GNN is expected to enable more advanced malware detection. This paper proposes an efficient method for generating a function call graph from binary code so that GNNs can be used for malware detection.
Keywords
FCF; FCG; Disassembly; PE file; Malware; GNN;