Malware Classification by Learning Semantic and Structural Features of Control Flow Graphs
Bolun Wu, Yuanhang Xu, Futai Zou
Abstract
Malware has become one of the biggest threats in the cyber world due to its ever-evolving nature. Machine learning-based methods rely on expertise in selecting handcrafted features which is time-consuming. Recent control flow graphs (CFGs) based method makes the best of graph neural network (GNN) on malware classification. But it ignores the semantic information inside CFGs and also relies on manually-designed features. To overcome these drawbacks, in this work, we introduce a malware classification model called MCBG that applies BERT and Graph Isomorphism Network with JumpingKnowledge (GIN-JK) to capture both semantic and structural features of CFGs. We conduct 5-fold cross-validation on Microsoft Malware Classification Challenge dataset to evaluate our model and it achieves an accuracy of 99.53%. The experimental results demonstrate that building semantic models on basic blocks is essential. Besides, MCBG outperforms the model which only considers CFG's structural information. Also, without using any manually-selected feature, it outperforms those of the state-of-the-art methods based on handcrafted malware features.