Word Embedding Techniques for Malware Evolution Detection
This addresses the challenge of automated malware detection for information security, but appears incremental as it applies existing word embedding methods to a specific domain.
The paper tackles the problem of detecting malware evolution over time to maintain effective detection, and finds that using word embedding techniques for feature engineering yields improved results.
Malware detection is a critical aspect of information security. One difficulty that arises is that malware often evolves over time. To maintain effective malware detection, it is necessary to determine when malware evolution has occurred so that appropriate countermeasures can be taken. We perform a variety of experiments aimed at detecting points in time where a malware family has likely evolved, and we consider secondary tests designed to confirm that evolution has actually occurred. Several malware families are analyzed, each of which includes a number of samples collected over an extended period of time. Our experiments indicate that improved results are obtained using feature engineering based on word embedding techniques. All of our experiments are based on machine learning models, and hence our evolution detection strategies require minimal human intervention and can easily be automated.