The manual methods to create detection rules are no longer prac- tical in the anti-malware product since the number of malware threats has been growing over past years. Thus, the turn to ma- chine learning approaches is a promising way to make malware recognition more efficient. The traditional centralized machine learning requires a large amount of data to train a model with ex- cellent performance. To boost the malware detection, the training data might be on various kind of data sources such as data on the host, network, and cloud-based anti-malware components, or even, data from different enterprises. To avoid the expenses of data col- lection as well as the leakage of private data, we present a federated learning system to identify malware through behavioral graphs, i.e., system call dependency graphs. It is based on a deep learning model including a graph autoencoder and a multiclass classifier module. This model is trained by a secure learning protocol among clients to preserve the private data against inference attacks. Using the model to identify malware, we achieve the accuracy of ∼ 85% for homogeneous graph data and ∼ 93% for inhomogeneous graph data.
Bertrand Van Ouytsel, C.-H., Dam, K. H. T., & Legay, A. (2022). Symbolic analysis meets federated learning to enhance malware identifier. ARES ’22: Proceedings of the 17th International Conference on Availability, Reliability and Security, p. 1-10. https://doi.org/10.1145/3538969.3538996