DOI: 10.1145/1830483.1830703
research-article

Malware detection based on dependency graph using hybrid genetic algorithm

Published: 07 July 2010

Abstract

Computer malware is becoming a serious threat to daily life in the information-based society. Script malware in particular has become prominent recently: a wide range of programs support scripting, which makes such malware spread easily. Because of viral polymorphism, current malware detection technologies cannot keep up with the exponential growth of polymorphic malware. In this paper, we propose a detection mechanism for script malware using dependency graph analysis. Every script malware can be represented by a dependency graph, and detection can then be transformed into the problem of finding maximum subgraph isomorphism, because polymorphism still maintains the core logical structure of the malware. We also present efficient heuristic approaches for maximum subgraph isomorphism, which improve detection accuracy and reduce computational cost. Experimental results of their use in a hybrid GA showed superior detection accuracy compared with state-of-the-art anti-virus software.

Published In

GECCO '10: Proceedings of the 12th annual conference on Genetic and evolutionary computation
July 2010
1520 pages
ISBN:9781450300728
DOI:10.1145/1830483
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. dependency graph
  2. genetic algorithm
  3. malware detection
  4. subgraph isomorphism

Qualifiers

  • Research-article

Conference

GECCO '10

Acceptance Rates

Overall Acceptance Rate 1,669 of 4,410 submissions, 38%

Article Metrics

  • Downloads (Last 12 months): 16
  • Downloads (Last 6 weeks): 4

Reflects downloads up to 02 Feb 2025

Cited By

  • (2023) The Security and Privacy of Mobile-Edge Computing: An Artificial Intelligence Perspective. IEEE Internet of Things Journal, 10:24 (22008-22032). DOI: 10.1109/JIOT.2023.3304318. Online publication date: 15-Dec-2023
  • (2022) A Survey of the Recent Trends in Deep Learning Based Malware Detection. Journal of Cybersecurity and Privacy, 2:4 (800-829). DOI: 10.3390/jcp2040041. Online publication date: 28-Sep-2022
  • (2021) Malware Intelligence System based on Windows API Dependency Graph. The Journal of Korean Institute of Information Technology, 19:4 (125-134). DOI: 10.14801/jkiit.2021.19.4.125. Online publication date: 30-Apr-2021
  • (2020) A survey on graph-based methods for malware detection. 2020 4th International Conference on Advanced Systems and Emergent Technologies (IC_ASET) (130-134). DOI: 10.1109/IC_ASET49463.2020.9318301. Online publication date: 15-Dec-2020
  • (2020) Malware Detection Based on Static and Dynamic Features Analysis. Machine Learning for Cyber Security (111-124). DOI: 10.1007/978-3-030-62223-7_10. Online publication date: 11-Nov-2020
  • (2020) KNN Applied to PDG for Source Code Similarity Classification. Intelligent Systems (471-482). DOI: 10.1007/978-3-030-61380-8_32. Online publication date: 13-Oct-2020
  • (2020) Deep Learning Meets Malware Detection: An Investigation. Combating Security Challenges in the Age of Big Data (137-155). DOI: 10.1007/978-3-030-35642-2_7. Online publication date: 27-May-2020
  • (2019) Generation of Static YARA-Signatures Using Genetic Algorithm. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (220-228). DOI: 10.1109/EuroSPW.2019.00031. Online publication date: Jun-2019
  • (2017) A Novel System for Securely Sharing Macros of Spreadsheets of Organizations. Journal of Advances in Information Technology (86-91). DOI: 10.12720/jait.8.2.86-91. Online publication date: 2017
  • (2017) Evolutionary computation in network management and security. Proceedings of the Genetic and Evolutionary Computation Conference Companion (1094-1112). DOI: 10.1145/3067695.3067726. Online publication date: 15-Jul-2017