政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/159650
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文筆數/總筆數 : 119024/150100 (79%)
造訪人次 : 85387051      線上人數 : 5071
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
    •  進階搜尋
    政大機構典藏 > 商學院 > 資訊管理學系 > 期刊論文 >  Item 140.119/159650


    請使用永久網址來引用或連結此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/159650


    題名: Attention-Enhanced Graph Convolution Network for Malware Family Feature Extraction and Embedding
    作者: 蕭舜文
    Hsiao, Shun-Wen;Chu, Po-Yu
    貢獻者: 資管系
    關鍵詞: Graph Neural Network;;Attntion;Sequential Data;Markov Model
    日期: 2025-10
    上傳時間: 2025-09-24 09:54:18 (UTC+8)
    摘要: Understanding malware from its dynamic API call sequence is non-trivial, since the length of a call sequence might be long and the important calls might be neglected by human beings. In addition, malware call sequences are unstructured, text-based, and variable-length with semantics, making it more challenging to perform downstream analysis tasks. Unlike natural language, a call sequence may contain programming-related properties and structures, such as loops and repeated calls; therefore, this paper considers the sequence structure for analysis. In this paper, we design an Attention-Enhanced Graph Convolution Network (AEGCN) with a Markov model to learn the structure of malware call sequences for representation learning and to pinpoint the important calls in the sequence. The design of AEGCN preserves the structure of call sequences using a Markov model and adopts a customized attention structure on GCN for analysis. The proposed attention mechanism can affect the information propagation in the graph for feature extraction purposes. In real-world malware experiments, AEGCN’s sequence embeddings outperform text embedding methods and conventional GNN models in malware family classification tasks. We perform ablation experiments to examine the effectiveness of the new attention mechanisms. We also visualize the attention weight of each call to manifest its importance for the malware family classification task. That is, we can extract the features of a malware family from its unstructured call sequences to better understand the family behavior.
    關聯: IEEE Transactions on Network and Service Management, Vol. 22, No. 5, pp.4222-4238
    資料類型: article
    DOI 連結: https://doi.org/10.1109/TNSM.2025.3596134
    DOI: 10.1109/TNSM.2025.3596134
    顯示於類別:[資訊管理學系] 期刊論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML107檢視/開啟


    在政大典藏中所有的資料項目都受到原著作權保護.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回饋