Precise Extraction of Malicious Behaviors

Authors: Khanh Huu The Dam, Tayssir Touili

DOI: 10.1109/COMPSAC.2018.00036

Keywords:

Abstract: In recent years, the damage cost caused by malware has been huge. Thus, malware detection is a big challenge. The task of specifying malware takes a huge amount of time and engineering effort since it currently requires a manual study of the malicious code. In order to avoid this tedious manual analysis of malicious code, the task has to be automatized. To this aim, we propose in this work to represent malicious behaviors using extended API call graphs, where nodes correspond to API function calls, edges specify the execution order between API functions, and edge labels indicate the dependence relation between the parameters of API functions. We define new static analysis techniques that allow such graphs to be extracted from programs, and we show how to automatically extract, from a set of malicious and benign programs, an extended API call graph that represents the malicious behaviors. Finally, we show how this graph can be used for malware detection. We implemented our techniques and obtained encouraging results: a 95.66% detection rate with 0% false alarms.
