Article code: 523736
Journal code: 868471
Year of publication: 2012
English article: 9 pages
Full-text version: PDF, free download
English title of the ISI article
A graph mining approach for detecting unknown malwares
Related subjects
Engineering and Basic Sciences; Computer Engineering; Computer Science Software
English abstract

Malware is now one of the serious problems facing modern societies. Although signature-based detection of malicious code is the standard technique in all commercial antivirus software, it can only detect a sample once it has already caused damage and its signature has been registered; it therefore fails to detect new (unknown) malware. Since most malware exhibits similar behavior, a behavior-based method can detect unknown malware. The behavior of a program can be represented by the set of API (application programming interface) functions it calls, so a classifier can be trained on the API calls of a set of programs, and from it an intelligent malware detection system can be built that detects unknown malware automatically. Separately, the control flow graph (CFG) is an appealing representation for visualizing the structure of an executable file, and it captures another semantic aspect of a program. This paper presents a robust semantics-based method for detecting unknown malware that combines the visual model (the CFG) with the called APIs. The main contribution of the paper is extracting the CFG from a program and combining it with the extracted API calls to obtain more information about the executable; this new representation is called the API-CFG. In addition, to keep learning and classification fast, the control flow graphs are converted into a set of feature vectors by a trick described in the paper. The approach classifies unseen benign and malicious code with high accuracy, and the results show a statistically significant improvement over the n-gram-based detection method.


► We introduce an intelligent malware detection approach with high accuracy.
► It incorporates API calls into a visual model (the CFG) to exploit the advantages of both.
► We use a program's semantic and behavioral features together for better detection.
► We present a trick that simplifies control flow graphs by converting them into vectors.
► Our approach attains higher detection accuracy than the n-gram method.
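The abstract and highlights describe the pipeline only at a high level: build a CFG, attach the API calls made in each block, flatten the graph into a fixed-length vector, and train an ordinary classifier on those vectors. The following is an added illustrative example, not code from the paper or its authors. It makes two assumptions that the page does not confirm: the API-CFG is built by collapsing the block-level CFG to an "API a can be followed by API b" graph, and the vector is simply API unigram counts plus API-bigram edge counts over a fixed vocabulary. The API names are real Windows API names, but every program (`MAL1`, `BEN1`, `UNSEEN_MAL`, ...) is a constructed toy basic-block listing, and the nearest-centroid classifier is a stand-in for whatever learner the paper uses.

```python
"""Toy API-CFG extraction, vectorization and classification.

Illustrative only: the graph collapse and the vector layout are assumptions,
not the construction used in the paper.
"""
from collections import Counter
from itertools import product
import math

# Fixed API vocabulary; vector positions are defined relative to this list.
API_VOCAB = ["CreateFile", "WriteFile", "RegSetValue", "CreateRemoteThread",
             "VirtualAllocEx", "WriteProcessMemory", "MessageBox", "ExitProcess"]

# Constructed programs: a dict of basic blocks, entry block is "0".
# Each block lists the API calls it makes, in order, and its CFG successors.
MAL1 = {"0": {"apis": ["VirtualAllocEx"], "succ": ["1", "2"]},
        "1": {"apis": [], "succ": ["2"]},
        "2": {"apis": ["WriteProcessMemory", "CreateRemoteThread"], "succ": ["3"]},
        "3": {"apis": ["ExitProcess"], "succ": []}}
MAL2 = {"0": {"apis": ["CreateFile", "VirtualAllocEx"], "succ": ["1"]},
        "1": {"apis": ["WriteProcessMemory"], "succ": ["2"]},
        "2": {"apis": ["CreateRemoteThread", "RegSetValue"], "succ": []}}
BEN1 = {"0": {"apis": ["CreateFile"], "succ": ["1", "2"]},
        "1": {"apis": ["WriteFile"], "succ": ["2"]},
        "2": {"apis": ["MessageBox", "ExitProcess"], "succ": []}}
BEN2 = {"0": {"apis": ["CreateFile", "WriteFile"], "succ": ["1"]},
        "1": {"apis": [], "succ": ["2"]},
        "2": {"apis": ["ExitProcess"], "succ": []}}
UNSEEN_MAL = {"0": {"apis": ["VirtualAllocEx", "WriteProcessMemory"], "succ": ["1"]},
              "1": {"apis": ["CreateRemoteThread"], "succ": []}}
UNSEEN_BEN = {"0": {"apis": ["CreateFile"], "succ": ["1"]},
              "1": {"apis": ["WriteFile", "MessageBox"], "succ": []}}


def api_cfg_edges(blocks):
    """Collapse a block-level CFG into API-level edges (assumed construction).

    Edge (a, b) means call b can execute right after call a with no other API
    call in between; control may pass through call-free blocks on the way.
    Within a block the calls are sequential, so consecutive calls form edges.
    """
    edges = Counter()
    for blk in blocks.values():
        apis = blk["apis"]
        for a, b in zip(apis, apis[1:]):          # intra-block sequence
            edges[(a, b)] += 1
        if not apis:
            continue
        last = apis[-1]
        stack, seen = list(blk["succ"]), set()   # DFS through call-free blocks
        while stack:
            nid = stack.pop()
            if nid in seen:
                continue
            seen.add(nid)
            nxt = blocks[nid]["apis"]
            if nxt:
                edges[(last, nxt[0])] += 1
            else:
                stack.extend(blocks[nid]["succ"])
    return edges


def to_feature_vector(blocks):
    """Fixed-length vector: API unigram counts, then API-bigram edge counts.

    This flattening is an assumption standing in for the vectorization trick
    the abstract mentions; it lets any ordinary classifier consume a CFG.
    """
    edges = api_cfg_edges(blocks)
    unigrams = Counter(a for blk in blocks.values() for a in blk["apis"])
    vec = [unigrams[a] for a in API_VOCAB]
    vec += [edges[(a, b)] for a, b in product(API_VOCAB, repeat=2)]
    return vec


def train_centroids(samples):
    """Nearest-centroid model: mean feature vector per label."""
    sums, counts = {}, Counter()
    for blocks, label in samples:
        v = to_feature_vector(blocks)
        sums[label] = [x + y for x, y in zip(sums.get(label, [0] * len(v)), v)]
        counts[label] += 1
    return {lab: [x / counts[lab] for x in s] for lab, s in sums.items()}


def classify(centroids, blocks):
    """Label of the closest centroid in Euclidean distance."""
    v = to_feature_vector(blocks)
    return min(centroids, key=lambda lab: math.dist(v, centroids[lab]))


TRAINING = [(MAL1, "malicious"), (MAL2, "malicious"),
            (BEN1, "benign"), (BEN2, "benign")]
MODEL = train_centroids(TRAINING)


def predict_unseen():
    """Classify the two held-out constructed programs."""
    return {"UNSEEN_MAL": classify(MODEL, UNSEEN_MAL),
            "UNSEEN_BEN": classify(MODEL, UNSEEN_BEN)}


if __name__ == "__main__":
    print(dict(api_cfg_edges(MAL1)))
    print(predict_unseen())
```

The point the example makes is the one the abstract argues: the edge counts carry ordering that a bag of API calls alone does not, so a chain such as `VirtualAllocEx` followed by `WriteProcessMemory` followed by `CreateRemoteThread` is a feature in its own right, not just three independent counts. Replacing the toy listings with blocks recovered by a disassembler, and the centroid model with a proper learner, is what a real implementation would do on top of this skeleton.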

Publisher
Database: Elsevier - ScienceDirect
Journal: Journal of Visual Languages & Computing - Volume 23, Issue 3, June 2012, Pages 154–162
Authors