  • Jing Rongqi, Jiang Zhengwei, Wang Qiuyun, Liu Qixu, Wang Shuwei, Ling Chen. Malware Analysis Based on Knowledge Graph: A Survey [J]. Journal of Cyber Security, accepted.


This article has been viewed 4697 times and downloaded 141 times.
靖蓉琦, 姜政伟, 汪秋云, 刘奇旭, 汪姝玮, 凌辰 (Jing Rongqi, Jiang Zhengwei, Wang Qiuyun, Liu Qixu, Wang Shuwei, Ling Chen)
Malware Analysis Based on Knowledge Graph: A Survey
Jing Rongqi, Jiang Zhengwei, Wang Qiuyun, Liu Qixu, Wang Shuwei, Ling Chen
(Institute of Information Engineering, Chinese Academy of Sciences)
As the confrontation between network attack and defense escalates, complex and rapidly changing malware poses new challenges to the detection and analysis of network security threats. With its capacity to capture and integrate information about malware features, the structured representation offered by graphs, and knowledge graphs in particular, shows great potential in malware research. At the same time, with the help of algorithms such as graph matching, graph embedding and graph neural networks, knowledge graph technology can process both the attribute information of nodes and the topological relationships between them, which makes it highly promising for malware detection and analysis. At present, research on knowledge-graph-based malware analysis falls into two aspects: the first is the construction of malware knowledge graphs, including a unified definition of the knowledge representation, the instantiated extraction of knowledge, and the ontology model; the second is the use of the structural characteristics of graphs obtained through comprehensive malware analysis, applying graph correlation algorithms to detect and analyze malware at the upper layer. Starting from the development trend of malware, this paper first introduces the research progress on the representation, construction and application of knowledge graphs, summarizes the advantages and limitations of existing analysis methods that use dynamic and static features and artificial intelligence models, and thereby motivates the research interest in combining knowledge graphs with malware analysis. It then analyzes the definition and representation of the malware knowledge graph that integrates multi-structured data, as well as models built with different methods, including entity recognition and relationship extraction.
After that, it expounds the exploration and application of graph computing in the scenario of malware detection and analysis; the results show that graph correlation technology is effective for the detection, identification and comprehensive analysis of malware. Finally, on the basis of a discussion of the difficulty of unifying the definition of the malware knowledge graph schema, the insufficient mining and utilization of graph information, and the vulnerability of graph analysis models, this paper proposes solutions for reference and projects directions for future research.
Keywords: malware analysis; knowledge graph; ontology construction; malware classification; graph algorithms