DOI: 10.1145/3472410.3472417

Detection and Classification of Malicious Software based on Regional Matching of Temporal Graphs

Published: 07 October 2021

Abstract

In this paper we present an integrated graph-based framework that utilizes relations between groups of system calls in order to detect whether an unknown software sample is malicious or benign and, further, to classify it to a known malware family. A novel graph-based approach for the representation of software samples through the depiction of their structural evolution over time, the so-called Temporal Graphs, is discussed, and a method for measuring graph similarity among specific regions of such graphs, the so-called Regional Matching, is proposed. The partitioning of the Temporal Graphs that depicts their structural evolution over time is defined by specific time-slots, while the quantitative characteristics that capture the commonalities appearing in the weights of the vertices are measured by a similarity metric in order to conduct the malware detection and classification procedures. Finally, we evaluate the detection and classification ability of the proposed graph-based framework through an experimental study of the results obtained on a set of known malicious samples that are indexed into malware families.
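To make the pipeline sketched in the abstract concrete, the following is an added toy example; it is not the paper's code. The system-call group labels, the traces, the use of cumulative per-group call counts as vertex weights, cosine similarity as the metric, and the detection threshold are all assumptions made here for illustration.

```python
from collections import Counter
from math import sqrt

# Constructed traces of (time in ms, system-call group) pairs; the group
# labels, timings and family names are made up for this illustration.
FAMILY_TRACES = {
    "familyA": [(0, "FILE"), (5, "FILE"), (12, "REG"), (20, "NET"),
                (28, "NET"), (35, "PROC")],
    "familyB": [(1, "PROC"), (4, "PROC"), (11, "PROC"), (22, "FILE"),
                (30, "REG"), (38, "REG")],
}
UNKNOWN = [(0, "FILE"), (6, "FILE"), (7, "FILE"), (13, "REG"),
           (21, "NET"), (29, "NET"), (36, "PROC")]


def temporal_regions(trace, slot_ms, n_slots):
    """Partition a trace into n_slots fixed time-slots.  Region i is the
    vertex-weight map (system-call group -> count) of everything observed
    up to the end of slot i, so later regions show the graph's cumulative
    structural evolution.  Cumulative counting is an assumption here."""
    weights, regions = Counter(), []
    for i in range(n_slots):
        start, end = i * slot_ms, (i + 1) * slot_ms
        for t, group in trace:
            if start <= t < end:
                weights[group] += 1
        regions.append(dict(weights))
    return regions

def cosine(a, b):
    """Similarity between two vertex-weight maps (assumed metric)."""
    dot = sum(a.get(k, 0) * b.get(k, 0) for k in set(a) | set(b))
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def regional_similarity(regions_x, regions_y):
    """Regional Matching: compare region i of X with region i of Y and
    average over all time-slots."""
    return sum(cosine(x, y) for x, y in zip(regions_x, regions_y)) / len(regions_x)

def classify(sample, families, slot_ms=10, n_slots=4, threshold=0.8):
    """Return (family, score) for the best-matching family, or (None, score)
    if no family reaches the assumed detection threshold."""
    sample_regions = temporal_regions(sample, slot_ms, n_slots)
    scores = {name: regional_similarity(sample_regions, temporal_regions(trace, slot_ms, n_slots))
              for name, trace in families.items()}
    best = max(scores, key=scores.get)
    return (best, scores[best]) if scores[best] >= threshold else (None, scores[best])
```

With these inputs the unknown trace matches familyA in every region, while a trace made of only network calls falls below the threshold and is left unlabelled.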


Cited By

  • (2022) Detection and classification of malicious software utilizing Max-Flows between system-call groups. Journal of Computer Virology and Hacking Techniques 19:1 (97-123). DOI: 10.1007/s11416-022-00433-2. Online publication date: 14 Jun 2022.

    Published In

    CompSysTech '21: Proceedings of the 22nd International Conference on Computer Systems and Technologies
    June 2021
    230 pages
    ISBN:9781450389822
    DOI:10.1145/3472410

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. Malicious Software
    2. Malware Classification
    3. Malware Detection
    4. Security

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Funding Sources

    • This research is co-financed by Greece and the European Union (European Social Fund - ESF) through the Operational Programme "Human Resources Development, Education and Lifelong Learning 2014-2020" in the context of the project "Malicious Software Detection and Classification utilizing Temporal Graphs of Discrete and Cumulative Structural Evolution" (MIS 5047642).

    Conference

    CompSysTech '21

    Acceptance Rates

    Overall Acceptance Rate 241 of 492 submissions, 49%
