恶意软件的时序对偶数据流图挖掘及其检测方法

基于数据流图的恶意软件检测方法通常仅关注API(application programming interface)调用过程中的数据流信息，而忽略API调用顺序信息。为解决此问题，所提方法在传统数据流图的基础上融入API调用的时序信息，提出恶意软件时序对偶数据流图的概念，并给出模型挖掘方法，最后提出一种基于优化的图卷积网络对时序对偶数据流图进行分类、进而用于恶意软件检测与分类的方法。实验结果表明，所提方法的恶意软件识别准确率较传统基于数据流图的恶意软件识别方法有更好的检测效果。

Mining of dual data flow graph combined with sequence information and detection method of malwares

The malware detection methods based on data flow graph only focused on the data flow information caused by API calls, which ignored the sequence information among API calls. To address this issue, this paper integrated the sequence information of API calls into data flow graph, put forward the concept of dual data flow graph combined with sequence information, gave the method of constructing event logs from the API call sequence, and proposed the mining method of dual data flow graph combined with sequence information. Finally, this paper proposed an improved graph convolution network to classifying dual data flow graph combined with sequential information. The classification result could be used to detect and classify malwares. The experimental results show that the proposed method has better detection accuracy than traditional methods based on data flow graphs.