English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 118524/149574 (79%)
Visitors : 79024052      Online Users : 155
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    政大機構典藏 > 商學院 > 資訊管理學系 > 期刊論文 >  Item 140.119/159650


    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/159650


    Title: Attention-Enhanced Graph Convolution Network for Malware Family Feature Extraction and Embedding
    Authors: 蕭舜文
    Hsiao, Shun-Wen;Chu, Po-Yu
    Contributors: 資管系
    Keywords: Graph Neural Network;;Attntion;Sequential Data;Markov Model
    Date: 2025-08
    Issue Date: 2025-09-24 09:54:18 (UTC+8)
    Abstract: Understanding malware from its dynamic API call sequence is non-trivial, since the length of a call sequence might be long and the important calls might be neglected by human beings. In addition, malware call sequences are unstructured, text-based, and variable-length with semantics, making it more challenging to perform downstream analysis tasks. Unlike natural language, a call sequence may contain programming-related properties and structures, such as loops and repeated calls; therefore, this paper considers the sequence structure for analysis. In this paper, we design an Attention-Enhanced Graph Convolution Network (AEGCN) with a Markov model to learn the structure of malware call sequences for representation learning and to pinpoint the important calls in the sequence. The design of AEGCN preserves the structure of call sequences using a Markov model and adopts a customized attention structure on GCN for analysis. The proposed attention mechanism can affect the information propagation in the graph for feature extraction purposes. In real-world malware experiments, AEGCN’s sequence embeddings outperform text embedding methods and conventional GNN models in malware family classification tasks. We perform ablation experiments to examine the effectiveness of the new attention mechanisms. We also visualize the attention weight of each call to manifest its importance for the malware family classification task. That is, we can extract the features of a malware family from its unstructured call sequences to better understand the family behavior.
    Relation: IEEE Transactions on Network and Service Management, pp.1-17
    Data Type: article
    DOI 連結: https://doi.org/10.1109/TNSM.2025.3596134
    DOI: 10.1109/TNSM.2025.3596134
    Appears in Collections:[資訊管理學系] 期刊論文

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML39View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback