Detecting metamorphic malwares using code graphs

Lee, Jusuk; Jeong, Kwang Seob; Lee, Heejo

doi:10.1145/1774088.1774505

Cited by 83 publications

(55 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Characteristic or behavior of an executable file are the features which can represent the file itself. These features include n-grams [17], [18], instruction sequences (opcodes) [19], [20], API call sequences [21], [13], control flow graph [22], [23], etc.…”

Section: Heuristic-basedmentioning

confidence: 99%

Short Review on Metamorphic Malware Detection in Hidden Markov Models

Ling¹,

Sani

2017

IJARCSSE

View full text Add to dashboard Cite

Abstract-Metamorphic malware is well known for evading signature-based detection. To cope up with numerous malware which can emerge easily by using open source malware generator, efficient detection in terms of accuracy and runtime performance shall be considered during analysis. Detection strategies such as data mining combine with machine learning have been used by researchers for heuristically detecting malware. In this paper, we present Hidden Markov Model as an efficient metamorphic malware detection tool by exploring the common obfuscation techniques used in malware while reviewing and comparing the different studies that adopt HMM as a detection tool.

show abstract

Section: Heuristic-basedmentioning

confidence: 99%

Short Review on Metamorphic Malware Detection in Hidden Markov Models

Ling¹,

Sani

2017

IJARCSSE

View full text Add to dashboard Cite

show abstract

“…For example, Lee [22] create their graph by transforming a Portable Executable (PE) file into a call graph with nodes and edges which represent system calls and system call sequence, respectively. After that, minimization is applied to the call graph turning it into a code graph to speed up the analysis and comparison process.…”

Section: Figure 1 Organization Of Malware Detectionmentioning

confidence: 99%

“…The above studies compare graphs using different graph matching techniques such as formula building using intersection and union of graphs, weighted common behavioural graph generation based on an approximate algorithm [22], and maximal common subgraph [19,25]. However, due to NP-completeness of the problem and the computational complexity inherent in such API call graph matching algorithms [10], they are prohibitively expensive to use for large graphs.…”

Section: Figure 1 Organization Of Malware Detectionmentioning

confidence: 99%

Improving the Detection of Malware Behaviour Using Simplified Data Dependent API Call Graph

Ahmed

Elhadi

Maarof

et al. 2013

IJSIA

View full text Add to dashboard Cite

show abstract

“…The behavior analysis approaches are classified into static approaches [2,5,8] and dynamic approaches [9,10]. The static approaches not limited on the behavior based approaches are light-weight and scalable.…”

Section: Related Workmentioning

confidence: 99%

Screening Smartphone Applications Using Behavioral Signatures

Lee

2013

Security and Privacy Protection in Information Processing Systems

Self Cite

View full text Add to dashboard Cite

Abstract. The sharp increase of smartphone malwares has become one of the most serious security problems. The most significant part of the growth is the variants of existing malwares. A legacy approach for malware, the signature matching, is efficient in temporal dimension, but it is not practical because of its lack of robustness against the variants. A counter approach, the behavior analysis to handle the variant issue, takes too much time and resources. We propose a variant detection mechanism using runtime semantic signature. Our key idea is to reduce the control and data flow analysis overhead by using binary patterns for the control and data flow of critical actions as a signature. The flow information is a significant part of behavior analysis but takes high analysis overhead. In contrast to the previous behavioral signatures, the runtime semantic signature has higher family classification accuracy without the flow analysis overhead, because the binary patterns of flow parts is hardly shared by the out of family members. Using the proposed signature, we detect the new variants of known malwares by static matching efficiently and accurately. We evaluated our mechanism with 1,759 randomly collected real-world Android applications including 79 variants of 4 malware families. As the experimental result, our mechanism showed 99.89% of accuracy on variant detection. We also showed that the mechanism has a linear time complexity as the number of target applications. It is fully practical and advanced performance than the previous works in both of accuracy and efficiency.

show abstract

Detecting metamorphic malwares using code graphs

Cited by 83 publications

References 18 publications

Short Review on Metamorphic Malware Detection in Hidden Markov Models

Short Review on Metamorphic Malware Detection in Hidden Markov Models

Improving the Detection of Malware Behaviour Using Simplified Data Dependent API Call Graph

Screening Smartphone Applications Using Behavioral Signatures

Contact Info

Product

Resources

About