A Novel Malware Classification Method Based on Crucial Behavior

被引：8

作者：

Xiao, Fei ^{[1
,2
]}

Sun, Yi ^{[1
,2
]}

Du, Donggao ^{[1
,2
]}

Li, Xuelei ^{[3
,4
]}

Luo, Min ^{[5
]}

机构：

[1] Beijing Univ Posts & Telecommun, Network & Informat Ctr, Inst Network Technol, Beijing 100876, Peoples R China

[2] Beijing Univ Posts & Telecommun, Natl Engn Lab Mobile Network Secur 2013 2685, Beijing 100876, Peoples R China

[3] Inspur Elect Informat Ind Co Ltd, Jinan 250000, Peoples R China

[4] State Key Lab High End Server & Storage Technol, Jinan 250000, Peoples R China

[5] Ernst & Young, Tokyo, Japan

来源：

MATHEMATICAL PROBLEMS IN ENGINEERING | 2020年 / 2020卷 / 2020期

基金：

中国国家自然科学基金;

关键词：

Inverse problems;

D O I：

10.1155/2020/6804290

中图分类号：

T [工业技术];

学科分类号：

08 ;

摘要：

Recently, some graph-based methods have been proposed for malware detection. However, current malware is generally characterized by sophisticated behaviors, which makes graph-based malware detection extremely challenging. To address this issue, we propose a graph repartition algorithm by transforming API call graphs into fragment behaviors based on programs' dynamic execution traces. The proposed algorithm relies on the N-order subgraph (NSG) for constructing the appropriate fragment behavior. Moreover, we improve the term frequency-inverse document frequency- (TF-IDF-) like measure and information gain (IG) to extract the crucial N-order subgraph (CNSG). This novel behavioral representation and improved extraction method can accurately represent crucial behaviors of malware. Experiments on 4,400 samples demonstrate that the proposed method achieves a high accuracy of 99.75% in malware detection and promising performance of 95.27% in malware classification.

引用

页数：12

共 50 条

[1] Malware Classification Based on Dynamic Behavior
Cabau, George
Buhu, Magda
Oprisa, Ciprian
[J]. PROCEEDINGS OF 2016 18TH INTERNATIONAL SYMPOSIUM ON SYMBOLIC AND NUMERIC ALGORITHMS FOR SCIENTIFIC COMPUTING (SYNASC), 2016, : 315 - 318
[2] A Malware Classification Method Based on Generic Malware Information
Choi, Jiyeon
Kim, HeeSeok
Choi, Jangwon
Song, Jungsuk
[J]. NEURAL INFORMATION PROCESSING, PT II, 2015, 9490 : 329 - 336
[3] A Novel Malware Traffic Classification Method Based on Differentiable Architecture Search
Shi, Yunxiao
Zhang, Xixi
He, Zhengran
Yang, Jie
[J]. 2022 IEEE 96TH VEHICULAR TECHNOLOGY CONFERENCE (VTC2022-FALL), 2022,
[4] Automated Malware Classification based on Network Behavior
Nari, Saeed
Ghorbani, Ali A.
[J]. 2013 INTERNATIONAL CONFERENCE ON COMPUTING, NETWORKING AND COMMUNICATIONS (ICNC), 2013,
[5] DroidChain: A novel Android malware detection method based on behavior chains
Wang, Zhaoguo
Li, Chenglong
Yuan, Zhenlong
Guan, Yi
Xue, Yibo
[J]. PERVASIVE AND MOBILE COMPUTING, 2016, 32 : 3 - 14
[6] DroidChain: A Novel Malware Detection Method for Android based on Behavior Chain
Wang, Zhaoguo
Li, Chenglong
Guan, Yi
Xue, Yibo
[J]. 2015 IEEE CONFERENCE ON COMMUNICATIONS AND NETWORK SECURITY (CNS), 2015, : 727 - 728
[7] Malware Classification Method Based on Improved CNN
Xuan, Bo-Na
Li, Jin
[J]. Tien Tzu Hsueh Pao/Acta Electronica Sinica, 2023, 51 (05): : 1187 - 1197
[8] Analysis and classification of context-based malware behavior
Alaeiyan, Mohammadhadi
Parsa, Saeed
Conti, Mauro
[J]. COMPUTER COMMUNICATIONS, 2019, 136 : 76 - 90
[9] Classification of polymorphic and metamorphic malware samples based on their behavior
Tsyganok, Ksenia
Tumoyan, Evgeny
Anikeev, Maxim
Babenko, Liudmila
[J]. PROCEEDINGS OF THE FIFTH INTERNATIONAL CONFERENCE ON SECURITY OF INFORMATION AND NETWORKS, 2012, : 111 - 116
[10] Learning and classification of malware behavior
Rieck, Konrad
Holz, Thorsten
Willems, Carsten
Duessel, Patrick
Laskov, Pavel
[J]. DETECTION OF INTRUSIONS AND MALWARE, AND VULNERABILITY ASSESSMENT, 2008, 5137 : 108 - +

← 1 2 3 4 5 →