ENDMal: An anti-obfuscation and collaborative malware detection system using syscall sequences

Authors: Huabiao Lu, Xiaofeng Wang, Baokang Zhao, Fei Wang, Jinshu Su

DOI: 10.1016/J.MCM.2013.03.008

Keywords:

Abstract: Malware obfuscation obscures malware into different versions, making traditional detection based on syntactic nature ineffective. Furthermore, with the huge and exponentially growing number of samples, existing systems are either evaded by obfuscation or overwhelmed by the numerous samples. This paper proposes an anti-obfuscation, scalable collaborative system, ENDMal. ENDMal identifies as malicious a program that behaves suspiciously in end-hosts and similarly to a group of suspicious programs across a wide area. We present the Iterative Sequence Alignment (ISA) method to defeat obfuscation. Instead of using a complex behavior graph, we propose Handle dependences and Probabilistic Ordering Dependence (HPOD) technology to represent behaviors. In addition, we design a novel information sharing infrastructure, RENShare, to collaboratively congregate malware characteristics spreading over network areas. Our experimental results show that ENDMal can detect unknown malwares much faster than a centralized system and is more effective than a distributed system.
