File relation graph based malware detection using label propagation

Abstract

The rapid development of malicious software programs has posed severe threats to computer and Internet security. This motivates the anti-malware industry to develop novel methods capable of protecting users against new threats. Existing malware detectors mostly treat file samples separately using supervised learning algorithms. However, ignoring the relationships among file samples limits the capability of malware detectors. In this paper, we present a new malware detection method based on a file relation graph to detect newly developed malware samples. When constructing the file relation graph, k-nearest neighbors are chosen as adjacent nodes for each file node. Files are connected with edges which represent the similarity between the corresponding nodes. A label propagation algorithm, which propagates label information from labeled file samples to unlabeled files, is used to learn the probability that an unknown file is classified as malicious or benign. We evaluate the effectiveness of our proposed method on a real and large dataset. Experimental results demonstrate that the accuracy of our method outperforms other existing detection approaches in classifying file samples.

Cite

Ni, M., Li, Q., Zhang, H., Li, T., & Hou, J. (2015). File relation graph based malware detection using label propagation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9419, pp. 164–176). Springer Verlag. https://doi.org/10.1007/978-3-319-26187-4_12
