BinGraph: Discovering mutant malware using hierarchical semantic signatures

Authors: Jonghoon Kwon, Heejo Lee

DOI: 10.1109/MALWARE.2012.6461015

Keywords:

Abstract: The malware landscape has grown dramatically over the last decade. The main reason for this increase is that new malware variants can be produced easily using simple code obfuscation techniques. Once applied, these techniques change a sample's syntax while preserving its semantics, and so bypass anti-virus (AV) scanners. Malware authors, thus, commonly use such techniques to generate metamorphic malware. Nevertheless, signature-based AV scanners are limited in detecting it since they rely on syntactic matching. In this paper, we propose BinGraph, a mechanism that accurately discovers mutant malware. BinGraph leverages the semantics of malware, since mutants are able to manipulate syntax only. To this end, we first extract API calls from a binary and convert them into a hierarchical behavior graph that represents the semantics with an identical set of 128 nodes. Later, we extract unique subgraphs from these graphs as semantic signatures representing the common behaviors of a specific family. To evaluate BinGraph, we analyzed a total of 827 malware samples consisting of 10 families, and 1,202 benign binaries. Among them, 20% of the samples, randomly chosen from each family, were used for extracting signatures, and the rest for assessing detection accuracy. Finally, only 32 signatures were selected. BinGraph discovered 98%
