Faculty of Mathematics, Physics and Informatics
Comenius University Bratislava

Doctoral colloquium - Peter Anthony (17.4.2023)

Monday 17.4.2023 at 13:10, Lecture room I/9

13. 04. 2023, 21:21
By: Damas Gruska

Peter Anthony:
An Improved Classifier for Learning and Discriminating Malware Using Knowledge Base Embedding

Malware detection is a critical task in cybersecurity, and traditional signature-based approaches are often ineffective against new and evolving threats. Recent research has shown that machine learning models can improve the accuracy of malware classification. However, existing methods often suffer from poor generalization performance and lack of explainability, making it difficult to understand how they arrived at their predictions. This can make it challenging for cybersecurity experts to assess the reliability of the model and identify false positives or false negatives. In this work, we aim at a novel approach that combines a graph-based representation of malware with a neural network classifier. Entities and relationships in a knowledge graph are projected into a low-dimensional space. The approach involves learning a vector representation for each entity and relationship in the knowledge base while preserving their semantic meaning, so as to accurately discriminate between malicious and benign software. Additionally, the resulting embeddings can be used to derive explanations for the predictions, giving cybersecurity experts insights into malware behavior and decision-making processes. Overall, the goal is an approach that will present a valuable tool for malware detection and analysis in real-world settings, with accurate predictions and meaningful explanations.