nach oben

Journal of Computer Virology and Hacking Techniques

Erschienen in:

26.04.2021 | Original Paper

Markhor: malware detection using fuzzy similarity of system call dependency sequences

verfasst von: Amir Mohammadzade Lajevardi, Saeed Parsa, Mohammad Javad Amiri

Erschienen in: Journal of Computer Virology and Hacking Techniques | Ausgabe 2/2022

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Static malware detection approaches are time-consuming and cannot deal with code obfuscation techniques. Dynamic malware detection approaches, on the other hand, address these two challenges, however, suffer from behavioral ambiguity, such as the system calls obfuscation. In this paper, we introduce Markhor, a dynamic and behavior-based malware detection approach. Markhor uses system call data dependency and system call control dependency sequences to create a weighted list of malicious patterns. The list is then used to determine the malicious processes. Next, the similarity of a file system call sequences to a malicious pattern is extracted based on a fuzzy algorithm and the file nature is determined. The evaluation results reveal the efficiency of Markhor in terms of accuracy (0.982), precision (0.976), and F-measure (0.982).

Vorheriger Artikel On delegatability of MDVS schemes

Nächster Artikel Cross-VM cache attacks on Camellia

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Markhor (Capra falconeri), is a large Capra species native to Central Asia, Karakoram and the Himalayas. The name is thought to be derived from Persian–a conjunction of mar (“snake, serpent”) and the suffix khor (“-eater”), interpreted to represent the animal’s alleged ability to kill snakes.

Damodaran, A., Troia, F.D., Visaggio, C.A., Austin, T.H., Stamp, M.: A comparison of static, dynamic, and hybrid analysis for malware detection. J. Comput. Virol. Hacking Tech. 13(1), 1–12 (2017)CrossRef

Scott, J..: Signature Based Malware Detection is Dead, Cybersecurity Think Tank. Institute for Critical Infrastructure Technology (February). www.ICITForum.org

Alazab, M., Venkataraman, S., Watters, P.: Towards understanding malware behaviour by the extraction of API calls. In: Proceedings of the 2nd Cybercrime and Trustworthy Computing Workshop, pp. 52–59 (2010). 10.1109/CTC.2010.8

Fang, Z., Wang, J., Li, B., Wu, S., Zhou, Y., Huang, H.: Evading anti-malware engines with deep reinforcement learning. IEEE Access 7, 48867–48879 (2019)CrossRef

Martín, A., Menéndez, H. D., Camacho, D.: Studying the influence of static API calls for hiding malware. In: Lecture Notes in Computer Science, vol. 9868, pp. 363–372. Springer (2016)

Lopez, J., Babun, L., Aksu, H., Uluagac, A.S.: A survey on function and system call hooking approaches. J. Hardw. Syst. Secur. 1(2), 114–136 (2017)CrossRef

Alazab, M., Venkataraman, S., Watters, P.: Towards understanding malware behaviour by the extraction of API calls. In: Cybercrime and Trustworthy Computing Workshop, pp. 52–59 (2010)

Sihwail, R., Omar, K., Ariffin, K.A.: A survey on malware analysis techniques: Static, dynamic, hybrid and memory analysis. Int. J. Adv. Sci. Eng. Inf. Technol. 8(4–2), 1662–1671 (2018)CrossRef

Narouei, M., Ahmadi, M., Giacinto, G., Takabi, H., Sami, A.: DLLMiner: structural mining for malware detection. Secur. Commun. Netw. 8(18), 3311–3322 (2015)CrossRef

10.

Dependency Walker, Dependency Walker (2018). http://www.dependencywalker.com/

11.

Garg, V., Yadav, R.K.: Malware detection based on API calls frequency. In: International Conference on Information Systems and Computer Networks, pp. 400–404. IEEE (2019)

12.

Sami, A., Yadegari, B., Rahimi, H., Peiravian, N., Hashemi, S., Hamze, A.: Malware detection based on mining API calls. In: Proceedings of the ACM Symposium on Applied Computing, pp. 1020–1025. ACM Press, New York (2010)

13.

Qiao, Y., Yang, Y., He, J., Tang, C., Liu, Z.: CBM: free, automatic malware analysis framework using API call sequences. In: Advances in Intelligent Systems and Computing, vol. 214, pp. 225–236. Springer (2014)

14.

Tran, T.K., Sato, H.: NLP-based approaches for malware classification from API sequences. In: Symposium on Intelligent and Evolutionary Systems, vol. 2017-Janua, pp. 101–105. Institute of Electrical and Electronics Engineers Inc. (2017)

15.

Kim, H., Kim, J., Kim, Y., Kim, I., Kim, K.J., Kim, H.: Improvement of malware detection and classification using API call sequence alignment and visualization. Clust. Comput. 22(1), 921–929 (2019)CrossRef

16.

Fadadu, F.: Evading API call sequence based malware classifiers. In: International Conference on Information and Communications Security, pp. 18–33. Springer, Cham (2019)

17.

Suaboot, J., Tari, Z., Mahmood, A., Zomaya, A.Y., Li, W.: Sub-curve HMM: a malware detection approach based on partial analysis of API call sequences. Comput. Secur. 92, 101773 (2020)CrossRef

18.

CWSandbox Data. http://pi1.informatik.uni-mannheim.de/malheur/

19.

Virus Sign Malware Data Base. https://www.virussign.com

20.

API Monitoring Tool. https://www.rohitab.com/apimonitor

21.

Parsa, S., Zareie, F., Vahidi-Asl, M.: Fuzzy clustering the backward dynamic slices of programs to identify the origins of failure. In: Lecture Notes in Computer Science, vol. 6630, pp. 352–363 (2011)

Titel: Markhor: malware detection using fuzzy similarity of system call dependency sequences
verfasst von: Amir Mohammadzade Lajevardi
Saeed Parsa
Mohammad Javad Amiri
Publikationsdatum: 26.04.2021
Verlag: Springer Paris
Erschienen in: Journal of Computer Virology and Hacking Techniques / Ausgabe 2/2022
Elektronische ISSN: 2263-8733
DOI: https://doi.org/10.1007/s11416-021-00383-1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2022

On delegatability of MDVS schemes

Editorial

Cross-VM cache attacks on Camellia

Anomaly detection in business processes logs using social network analysis

Covert timing channels: analyzing WEB traffic

Zipf’s law analysis on the leaked Iranian users’ passwords

Premium Partner