Deriving common malware behavior through graph clustering

Authors: Younghee Park, Douglas S. Reeves, Mark Stamp

DOI: 10.1016/J.COSE.2013.09.006

Keywords:

Abstract: Detection of malicious software (malware) continues to be a problem as hackers devise new ways to evade available methods. The proliferation of malware and malware variants requires advanced methods to detect them. This paper proposes a method to construct a common behavioral graph representing the execution behavior of a family of malware instances. The method generates one common behavioral graph by clustering a set of individual behavioral graphs, which represent kernel objects and their attributes based on system call traces. The resulting common behavioral graph has a common path, called HotPath, which is observed in all instances of the same malware family. The proposed method shows high detection rates with false positive rates close to 0%. The derived common behavioral graph is highly scalable regardless of the number of new instances added. It is also robust against attacks.
