Word Embedding Techniques for Malware Evolution Detection

TL;DR

This paper explores the use of word embedding techniques combined with machine learning to detect malware evolution over time, enabling automated and effective updates to malware detection systems.

Contribution

It introduces a novel approach leveraging word embeddings for detecting malware evolution points with minimal human intervention.

Findings

Word embeddings improve malware evolution detection accuracy

Machine learning models effectively identify evolution points

Method is suitable for automation in security systems

Abstract

Malware detection is a critical aspect of information security. One difficulty that arises is that malware often evolves over time. To maintain effective malware detection, it is necessary to determine when malware evolution has occurred so that appropriate countermeasures can be taken. We perform a variety of experiments aimed at detecting points in time where a malware family has likely evolved, and we consider secondary tests designed to confirm that evolution has actually occurred. Several malware families are analyzed, each of which includes a number of samples collected over an extended period of time. Our experiments indicate that improved results are obtained using feature engineering based on word embedding techniques. All of our experiments are based on machine learning models, and hence our evolution detection strategies require minimal human intervention and can easily be automated.