Security importance assessment for system objects and malware detection

System objects play different roles in computer systems and exhibit different levels of importance to system security. Assessing the importance of system objects helps us develop effective security protection methods. However, little work has focused on understanding and assessing the importance of system objects from a security perspective. In this paper, we build a security dependency network from access behaviors to quantify the security importance of system objects from a system-wide perspective. Similar to other networked systems, we observe small-world effect and power-law distributions for in and out-degree in the security dependency network. Exploring rich network structures in the security dependency network provides insights into the importance of system objects in security. We assess the importance of system objects, with respect to security, by the centrality metrics and propose an importance based model for malware detection. We evaluate importance metrics of system objects from various perspectives to demonstrate their feasibility and practicality. Furthermore, extensive experimental results on a real-world dataset demonstrate that our model is capable of detecting 7257 malware samples from 27,840 benign processes with a 93.92% true positive rate at 0.1% false positive rate. (C) 2017 Elsevier Ltd. All rights reserved.