کد مقاله کد نشریه سال انتشار مقاله انگلیسی نسخه تمام متن
6854730 1437594 2018 19 صفحه PDF دانلود رایگان
عنوان انگلیسی مقاله ISI
G3MD: Mining frequent opcode sub-graphs for metamorphic malware detection of existing families
موضوعات مرتبط
مهندسی و علوم پایه مهندسی کامپیوتر هوش مصنوعی
پیش نمایش صفحه اول مقاله
G3MD: Mining frequent opcode sub-graphs for metamorphic malware detection of existing families
چکیده انگلیسی
Attackers leverage various obfuscation techniques to create a metamorphic malware that can evade from detection by anti-malwares. To defeat, we propose Graph Mining for Metamorphic Malware Detection (G3MD), an intelligent system for static detection of metamorphic malwares. G3MD demonstrates one of the many aspects of what the current generation of machine-learning techniques and expert systems can do. It extends what is known about practical application of machine-learning techniques in the field of information security. It is intended to alleviate the burden of human experts and underlying costs. The novelty of G3MD is to apply graph mining on the opcode graphs of a metamorphic family of malwares to extract the frequent sub-graphs, so called micro-signatures. Based on these sub-graphs, a classifier is trained to distinguish between a benign file and a metamorphic malware. We conducted experiments on four families of metamorphic malwares common in previous studies, namely Next Generation Virus Generation Kit (NGVCK), Second Generation Virus Generator (G2), and Mass Produced Code Generation Kit (MPCGEN) viruses and Metamorphic Worm (MWOR) worms. The precision (over 99% in most cases) of metamorphic malware detection by the proposed approach corroborates its effectiveness over other existing approaches.
ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Expert Systems with Applications - Volume 112, 1 December 2018, Pages 15-33
نویسندگان
, , , ,