Top

Published in:

2015 | OriginalPaper | Chapter

1. A Discrete Event System Based Approach for Obfuscated Malware Detection

Authors : Chinmaya K. Patanaik, Ferdous A. Barbhuiya, Santosh Biswas, Sukumar Nandi

Published in: Advances in Communication and Computing

Publisher: Springer India

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

With the growing use and popularity of Internet among people, security threats such as viruses, worms etc., are also rapidly increasing. In order to detectand prevent such threats, many antivirus softwares have been created. Signature matching approach used to detect malwares can be easily thwarted by using code obfuscation techniques. In this paper, we propose a discrete event systems-based approach to detect obfuscated malwares in a system, taking Bagle. A as our test virus. Commonly used obfuscation techniques have been applied to bagle. We built DES models for a process under attack and normal conditions with system calls as events. Based on the system calls evoked by any process, our detector will determine its maliciousness by comparing it with both the models.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

next chapter Quantification of Diagnostic Information from Electrocardiogram Signal: A Review

Szr, P., Ferrie, P.: Hunting for metamorphic. In: Virus Bulletin Conference, pp. 123–144 (2001)

Cassandras, C., Lafortune, S.: Introduction to discrete event systems, series Kluwer International Series on Discrete Event Dynamic Systems. Kluwer Academic (1999) [Online]. Available: http://books.google.co.in/books?id=IuGo4aRyb00C

Dingel, J., Rudie, K., Dragert, C.: Bridging the gap: discrete-event systems for software engineering (short position paper). In: Proceedings of the 2nd Canadian Conference on Computer Science and Software Engineering, series C3S2E’09, pp. 67–71. New York, NY, USA: ACM (2009) [Online]. Available: http://doi.acm.org/10.1145/1557626.1557637

Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: Proceedings of the 12th USENIX Security Symposium, pp. 169–186 (2003)

Lee, J., Jeong, K., Lee, H.: Detecting metamorphic malwares using code graphs. In: Proceedings of the 2010 ACM Symposium on Applied Computing, series SAC’10, pp. 1970–1977. New York, NY, USA: ACM (2010) [Online]. Available: http://doi.acm.org/10.1145/1774088.1774505

Christodorescu, M., Jha, S., Seshia, S.A., Song, D.X., Bryant, R.E.: Semantics-aware malware detection. In: IEEE Symposium on Security and Privacy, pp. 32–46 (2005)

Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host

Neminath, H., Biswas, S., Roopa, S., Ratti, R., Nandi, S., Barbhuiya, F., Sur, A., Ramachandran, V.: A des approach to intrusion detection system for ARP spoofing attacks. In: 2010 18th Mediterranean Conference on Control Automation (MED), June 2010, pp. 695–700

Lakhotia, A., Kumar, E.U.: Abstract stack graph to detect obfuscated calls in binaries. In: Proceedings 4th IEEE International Workshop on Source Code Analysis and Manipulation, pp. 17–26, IEEE Computer Society (2004)

10.

You, I., Yim, K.: Malware obfuscation techniques: a brief survey. In: 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (BWCCA), november, pp. 297–300 (2010)

11.

Rozinov, K.: Reverse code engineering: an in-depth analysis of the bagle virus. Technical Report, Bell Labs (2004)

12.

http://msdn.microsoft.com/en-us/library/ms123401.aspx

13.

Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: Proceedings of the 6th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 5–14 (2007)

14.

http://www.clamav.net/

15.

http://www.ollydbg.de/

Title: A Discrete Event System Based Approach for Obfuscated Malware Detection
Authors: Chinmaya K. Patanaik
Ferdous A. Barbhuiya
Santosh Biswas
Sukumar Nandi
Publisher: Springer India
Book: Advances in Communication and Computing
Print ISBN: 978-81-322-2463-1

Electronic ISBN: 978-81-322-2464-8

Copyright Year: 2015
DOI: https://doi.org/10.1007/978-81-322-2464-8_1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"