Fast malware classification by automated behavioral graph matching

Park, Younghee; Reeves, Douglas S.; Mulukutla, Vikram; Sundaravel, Balaji

doi:10.1145/1852666.1852716

Cited by 147 publications

(92 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Classification of malware variants has been concerned by analysts in a long period [11][12][13][14]. Evolving malware generates a lot of variants and brings great challenges to analytical work.…”

Section: Methodsmentioning

confidence: 99%

Malware Classification Based on the Behavior Analysis and Back Propagation Neural Network

2016

View full text Add to dashboard Cite

Abstract. With the development of the Internet, malwares have also been expanded on the network systems rapidly. In order to deal with the diversity and amount of the variants, a number of automated behavior analysis tools have emerged as the time requires. Yet these tools produce detailed behavior reports of the malwares, it still needs to specify its category and judge its criticality manually. In this paper, we propose an automated malware classification approach based on the behavior analysis. We firstly perform dynamic analyses to obtain the detailed behavior profiles of the malwares, which are then used to abstract the main features of the malwares and serve as the inputs of the Back Propagation (BP) Neural Network model.The experimental results demonstrate that our classification technique is able to classify the malware variants effectively and detect malware accurately.

show abstract

Section: Methodsmentioning

confidence: 99%

Malware Classification Based on the Behavior Analysis and Back Propagation Neural Network

2016

View full text Add to dashboard Cite

show abstract

“…Park et al [23] presented a malware detection system which uses system call and their parameters values as the features and generates directed subgraph for each programs behavior during execution. It creates a maximal behavior subgraph for measuring their similarity between their programs and known malware families.…”

Section: Feature Extraction Methodsmentioning

confidence: 99%

Comparative Analysis of Feature Extraction Methods of Malware Detection

Ranveer¹,

Hiray²

2015

IJCA

View full text Add to dashboard Cite

Recent years have encountered massive growth in malwares which poses a severe threat to modern computers and internet security. Existing malware detection systems are confronting with unknown malware variants. Recently developed malware detection systems investigated that the diverse forms of malware exhibit similar patterns in their structure with minor variations. Hence, it is required to discriminate the types of features extracted for detecting malwares. So that potential of malware detection system can be leveraged to combat with unfamiliar malwares. We mainly focus on the categorization of features based on malware analysis. This paper highlights general framework of malware detection system and pinpoints strengths and weaknesses of each method. Finally we presented overview of performance of present malware detection systems based on features.

show abstract

“…The monitor utilizes time-based view of kernel objects to analyze traces of kernel execution [17]. Other studies trace malware behaviour exhibited by installer and uninstaller software as a way to avoid false positives [18], and suggest a new categorization method for malware based on maximal common subgraph detection [19].…”

Section: Figure 1 Organization Of Malware Detectionmentioning

confidence: 99%

“…After that, minimization is applied to the call graph turning it into a code graph to speed up the analysis and comparison process. Other researchers use the same approach by using 4-tuple nodes to denote a system call, edges, the dependencies between two system calls and a label for nodes and edges [19]. Some other studies use graph nodes to denote kernel objects instead of system calls [23].…”

Section: Figure 1 Organization Of Malware Detectionmentioning

confidence: 99%

“…The above studies compare graphs using different graph matching techniques such as formula building using intersection and union of graphs, weighted common behavioural graph generation based on an approximate algorithm [22], and maximal common subgraph [19,25]. However, due to NP-completeness of the problem and the computational complexity inherent in such API call graph matching algorithms [10], they are prohibitively expensive to use for large graphs.…”

Section: Figure 1 Organization Of Malware Detectionmentioning

confidence: 99%

See 1 more Smart Citation