MalDAE: Detecting and explaining malware based on correlation and fusion of static and dynamic characteristics

Authors: Weijie Han, Jingfeng Xue, Yong Wang, Lu Huang, Zixiao Kong

DOI: 10.1016/J.COSE.2019.02.007

Keywords:

Abstract: It is a widespread practice to detect malware by analyzing its behavioral characteristics based on API call sequences. However, previous studies usually focus only on the static or the dynamic sequence, while neglecting the correlation between them. Our experimental results show that there exists an underlying relation between the static and dynamic API call sequences of malware. The relation can be described as "the syntax is different, but the semantics are similar". Based on this discovery, this paper first attempts to explore the difference between the static and dynamic API call sequences of malicious programs. We correlate and fuse them into one hybrid sequence by semantic mapping, and then construct a feature vector space. Furthermore, we mine and define the main behavior types of malicious programs, and provide an explainable framework for malware detection. The study has addressed the shortcoming of existing approaches that they pay attention to detection but neglect explanation. By correlation and fusion of static and dynamic sequences, we establish a detection and explanation framework, called MalDAE. The evaluation results show that the detection and classification accuracy of MalDAE reach up to 97.89% and 94.39% respectively, outperforming similar approaches in a comprehensive comparison. In addition, MalDAE gives an understandable explanation for common malware types and provides predictive support for understanding and resisting malware.
