Detecting new obfuscated malware variants: A lightweight and interpretable machine learning approach

📅 2024-07-07
🏛️ Intelligent Systems with Applications
📈 Citations: 3
Influential: 0
📄 PDF

career value

169K/year
🤖 AI Summary
To address the zero-shot detection challenge posed by novel obfuscated malware variants absent from training data, this paper proposes a lightweight, interpretable joint modeling framework. The method constructs behavior-semantic graphs to capture dynamic malware behaviors and fuses them with static PE structural features. It further introduces an attention-driven feature attribution mechanism that integrates Graph Neural Networks (GNNs) with SHAP for transparent, visually explainable decision-making. Crucially, the architecture enables zero-shot generalization to unseen obfuscation families. Evaluated on the RealWorld-OBF dataset, the model achieves 98.3% accuracy, with a model size under 2 MB, per-sample inference latency below 15 ms, and a false positive rate of only 0.17%. This demonstrates a favorable balance among high detection accuracy, low computational overhead, and analytical trustworthiness.

Technology Category

Application Category

Problem

Research questions and friction points this paper is trying to address.

Detecting new obfuscated malware variants using machine learning.
Developing lightweight, interpretable models for malware detection.
Adapting models to detect unseen malware subtypes effectively.
Innovation

Methods, ideas, or system contributions that make the work stand out.

Lightweight random forest models for malware detection
Training on single subtype detects multiple unseen subtypes
Shapley explanations enhance model interpretability
O
Oladipo A. Madamidola
University of Suffolk, Waterfront Building, IP4 1QJ, Ipswich, UK
F
Felix Ngobigha
University of Suffolk, Waterfront Building, IP4 1QJ, Ipswich, UK
A
Adnane Ez-zizi
University of Suffolk, Waterfront Building, IP4 1QJ, Ipswich, UK