A Novel Malware Classification Method Based on Crucial Behavior

Cited by: 8
Authors
Xiao, Fei [1 ,2 ]
Sun, Yi [1 ,2 ]
Du, Donggao [1 ,2 ]
Li, Xuelei [3 ,4 ]
Luo, Min [5 ]
Affiliations
[1] Beijing Univ Posts & Telecommun, Network & Informat Ctr, Inst Network Technol, Beijing 100876, Peoples R China
[2] Beijing Univ Posts & Telecommun, Natl Engn Lab Mobile Network Secur 2013 2685, Beijing 100876, Peoples R China
[3] Inspur Elect Informat Ind Co Ltd, Jinan 250000, Peoples R China
[4] State Key Lab High End Server & Storage Technol, Jinan 250000, Peoples R China
[5] Ernst & Young, Tokyo, Japan
Funding
National Natural Science Foundation of China;
Keywords
Inverse problems;
DOI
10.1155/2020/6804290
Chinese Library Classification number
T [Industrial Technology];
Discipline classification code
08 ;
Abstract
Recently, some graph-based methods have been proposed for malware detection. However, current malware is generally characterized by sophisticated behaviors, which makes graph-based malware detection extremely challenging. To address this issue, we propose a graph repartition algorithm by transforming API call graphs into fragment behaviors based on programs' dynamic execution traces. The proposed algorithm relies on the N-order subgraph (NSG) for constructing the appropriate fragment behavior. Moreover, we improve the term frequency-inverse document frequency- (TF-IDF-) like measure and information gain (IG) to extract the crucial N-order subgraph (CNSG). This novel behavioral representation and improved extraction method can accurately represent crucial behaviors of malware. Experiments on 4,400 samples demonstrate that the proposed method achieves a high accuracy of 99.75% in malware detection and promising performance of 95.27% in malware classification.
Pages: 12
Related papers
50 in total
  • [1] Malware Classification Based on Dynamic Behavior
    Cabau, George
    Buhu, Magda
    Oprisa, Ciprian
    [J]. PROCEEDINGS OF 2016 18TH INTERNATIONAL SYMPOSIUM ON SYMBOLIC AND NUMERIC ALGORITHMS FOR SCIENTIFIC COMPUTING (SYNASC), 2016, : 315 - 318
  • [2] A Malware Classification Method Based on Generic Malware Information
    Choi, Jiyeon
    Kim, HeeSeok
    Choi, Jangwon
    Song, Jungsuk
    [J]. NEURAL INFORMATION PROCESSING, PT II, 2015, 9490 : 329 - 336
  • [3] A Novel Malware Traffic Classification Method Based on Differentiable Architecture Search
    Shi, Yunxiao
    Zhang, Xixi
    He, Zhengran
    Yang, Jie
    [J]. 2022 IEEE 96TH VEHICULAR TECHNOLOGY CONFERENCE (VTC2022-FALL), 2022,
  • [4] Automated Malware Classification based on Network Behavior
    Nari, Saeed
    Ghorbani, Ali A.
    [J]. 2013 INTERNATIONAL CONFERENCE ON COMPUTING, NETWORKING AND COMMUNICATIONS (ICNC), 2013,
  • [5] DroidChain: A novel Android malware detection method based on behavior chains
    Wang, Zhaoguo
    Li, Chenglong
    Yuan, Zhenlong
    Guan, Yi
    Xue, Yibo
    [J]. PERVASIVE AND MOBILE COMPUTING, 2016, 32 : 3 - 14
  • [6] DroidChain: A Novel Malware Detection Method for Android based on Behavior Chain
    Wang, Zhaoguo
    Li, Chenglong
    Guan, Yi
    Xue, Yibo
    [J]. 2015 IEEE CONFERENCE ON COMMUNICATIONS AND NETWORK SECURITY (CNS), 2015, : 727 - 728
  • [7] Malware Classification Method Based on Improved CNN
    Xuan, Bo-Na
    Li, Jin
    [J]. Tien Tzu Hsueh Pao/Acta Electronica Sinica, 2023, 51 (05): : 1187 - 1197
  • [8] Analysis and classification of context-based malware behavior
    Alaeiyan, Mohammadhadi
    Parsa, Saeed
    Conti, Mauro
    [J]. COMPUTER COMMUNICATIONS, 2019, 136 : 76 - 90
  • [9] Classification of polymorphic and metamorphic malware samples based on their behavior
    Tsyganok, Ksenia
    Tumoyan, Evgeny
    Anikeev, Maxim
    Babenko, Liudmila
    [J]. PROCEEDINGS OF THE FIFTH INTERNATIONAL CONFERENCE ON SECURITY OF INFORMATION AND NETWORKS, 2012, : 111 - 116
  • [10] Learning and classification of malware behavior
    Rieck, Konrad
    Holz, Thorsten
    Willems, Carsten
    Duessel, Patrick
    Laskov, Pavel
    [J]. DETECTION OF INTRUSIONS AND MALWARE, AND VULNERABILITY ASSESSMENT, 2008, 5137 : 108 - +