Function Call Graphs Versus Machine Learning for Malware Detection

Authors

Deebiga Rajeswaran, San Jose State University
Fabio Troia, San Jose State University
Thomas Austin, San Jose State University
Mark Stamp, San Jose State UniversityFollow

Publication Date

September 2018

Document Type

Contribution to a Book

Publication Title

Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach

Editor

Simon Parkinson, Andrew Crampton, Richard Hill

DOI

10.1007/978-3-319-92624-7_11

First Page

259

Last Page

279

Abstract

Recent work has shown that a function call graph technique can perform well on some challenging malware detection problems. In this chapter, we compare this function call graph approach to elementary machine learning techniques that are trained on simpler features. We find that the machine learning techniques are generally more robust than the function call graphs, in the sense that the malware must be modified to a far greater extent before the machine learning techniques are significantly degraded. This work provides evidence that machine learning is likely to perform better than ad hoc approaches, particularly when faced with intelligent attackers who can attempt to exploit the inherent weaknesses in a given detection strategy.

Recommended Citation

Deebiga Rajeswaran, Fabio Troia, Thomas Austin, and Mark Stamp. "Function Call Graphs Versus Machine Learning for Malware Detection" Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach (2018): 259-279. https://doi.org/10.1007/978-3-319-92624-7_11