

Summary of Learning edge weights in file co-occurrence graphs for malware detection

Weixuan Mao, Zhongmin Cai, Bo Zeng, Xiaohong Guan

  • The cloud-based security service generates a new type of security data, which indicates the occurrence of executable files on end hosts. On the basis of this security data, semi-supervised learning on a file co-occurrence graph provides a novel perspective for malware detection. The edge weight, which quantifies the correlation of the labels (either benign or malicious) of co-occurring files, plays a significant role in such techniques. While previous work employed heuristic methods of defining edge weights in the file co-occurrence graph, this paper develops a novel framework for learning the edge weights by minimizing the error under the harmonic property implied by the graph. Our method is proven to achieve the unique global optimal edge weights in the graph of training instances. Furthermore, taking advantage of the learned edge weights between co-occurring files, we develop a graph-based semi-supervised learning method for malware detection. Experimental results on a real-world dataset, which consists of 12,469 benign and 11,327 malicious executable files from 11,713,031 end hosts, demonstrate the efficacy of our method. Our malware detection approach with the learned edge weights significantly outperforms existing approaches with commonly used heuristic edge weights.

