nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Malware Detection Using Logic Signature of Basic Block Sequence

verfasst von : Dawei Shi, Qiang Xu

Erschienen in: Green, Pervasive, and Cloud Computing

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Malware detection is an important method for maintaining the security and privacy in cyberspace. As the most mainstream method currently, signature-based detecting is confronted with many obfuscation methods which can hide the true signature of malware. In our research, we propose a logic signature-based malware detecting method to overcome the shortcoming of being susceptible to disturbance in data signature-based method. Firstly, we achieve the logic of basic block based on Symbolic execution and Static Single Assignment, and then use a set of expression trees to represent the basic block logic, the trees set will be filtered to pick out the remarkable items. Depending on basic block logic trees set, we use n-gram method to select features for the discrimination of malicious and benign software. Every feature of program is a sequence of basic block logic and the feature matching is based on edit distance calculating. We design and implement a detector and evaluate its effectiveness by comparing with data signature-based detector. The experimental results indicate that the proposed malware detector using logic signature of basic block sequence has a higher performance than data signature-based detectors.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel A Complex Attacks Recognition Method in Wireless Intrusion Detection System

Nächstes Kapitel Verifiable and Privacy-Preserving Association Rule Mining in Hybrid Cloud Environment

Idika, N., Mathur, A.P.: A survey of malware detection techniques. Purdue University (2007)

Griffin, K., Schneider, S., Hu, X., Chiueh, T.: Automatic generation of string signatures for malware detection. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 101–120. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04342-0_6CrossRef

Martín, A., Menéndez, Héctor D., Camacho, D.: String-based malware detection for android environments. Intelligent Distributed Computing X. SCI, vol. 678, pp. 99–108. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-48829-5_10CrossRef

Santos, I., et al.: Opcode sequences as representation of executables for data-mining-based unknown malware detection. Inf. Sci. 231(9), 64–82 (2013)MathSciNetCrossRef

Ding, Y., et al.: Control flow-based opcode behavior analysis for Malware detection. Comput. Secur. 44(2), 65–74 (2014)CrossRef

Vinod, P., et al.: Static CFG analyzer for metamorphic Malware code. In: International Conference on Security of Information and Networks, Sin 2009, Gazimagusa, North Cyprus, October, pp. 225–228. DBLP (2009)

Adkins, F., et al.: Heuristic malware detection via basic block comparison. In: International Conference on Malicious and Unwanted Software, pp. 11–18. The Americas IEEE (2014)

Mehdi, B., et al.: Towards a theory of generalizing system call representation for in-execution malware detection. In: IEEE International Conference on Communications, pp. 1–5. IEEE (2010)

Elhadi, A.A.E., Maarof, M.A., Osman, A.H.: Malware detection based on hybrid signature behaviour application programming interface call graph. Am. J. Appl. Sci. 9(3), 283–288 (2012)CrossRef

10.

Natani, P., Vidyarthi, D.: Malware detection using API function frequency with ensemble based classifier. In: Thampi, S.M., Atrey, P.K., Fan, C.-I., Perez, G.M. (eds.) SSCC 2013. CCIS, vol. 377, pp. 378–388. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40576-1_37CrossRef

11.

Chandramohan, M., Tan, H.B.K., Shar, L.K.: Scalable malware clustering through coarse-grained behavior modeling. In: ACM SIGSOFT, International Symposium on the Foundations of Software Engineering, p. 27. ACM (2012)

12.

You, I., Yim, K.: Malware obfuscation techniques: a brief survey. In: International Conference on Broadband, Wireless Computing, Communication and Applications, pp. 297–300. IEEE (2010)

13.

Jensen, F.V., Nielsen, T.D.: Bayesian networks and decision graphs. Technometrics 50(1), 97 (2007)MATH

14.

Denœux, T.: A k-nearest neighbor classification rule based on dempster-shafer theory. In: Yager, R.R., Liu, L. (eds.) Classic Works of the Dempster-Shafer Theory of Belief Functions. STUDFUZZ, vol. 219, pp. 737–760. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-44792-4_29CrossRef

15.

Landgrebe, D.: A survey of decision tree classifier methodology. IEEE Trans. Syst. Man Cybern. 21(3), 660–674 (2002)MathSciNet

16.

Suykens, J.A.K., Vandewalle, J.: least squares support vector machine classifiers. Neural Process. Lett. 9(3), 293–300 (1999)CrossRef

17.

Van Emmerik, M.: Static single assignment for decompilation. UQ Theses (RHD) - UQ staff and students only (2007)

18.

Khurshid, S., PĂsĂreanu, C.S., Visser, W.: Generalized symbolic execution for model checking and testing. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 553–568. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36577-X_40CrossRefMATH

19.

Mira, F., Huang, W., Brown, A.: Improving malware detection time by using RLE and N-gram. In: International Conference on Automation and Computing, pp. 1–5 (2017)

20.

Bille, P.: A survey on tree edit distance and related problems. Theor. Comput. Sci. 337(1), 217–239 (2005)MathSciNetCrossRef

21.

Shoshitaishvili, Y., et al.: SOK: (state of) the art of war: offensive techniques in binary analysis. In: Security and Privacy, pp. 138–157. IEEE (2016)

Titel: Malware Detection Using Logic Signature of Basic Block Sequence
verfasst von: Dawei Shi
Qiang Xu
Verlag: Springer International Publishing
Buch: Green, Pervasive, and Cloud Computing
Print ISBN: 978-3-030-15092-1

Electronic ISBN: 978-3-030-15093-8

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-15093-8_2

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"