DOI: 10.1145/3058060.3058065
research-article

MGeT: Malware Gene-Based Malware Dynamic Analyses

Published: 17 March 2017

Abstract

Malware, whether malicious software, applications, or execution code, has become the centerpiece of most security threats in today's unceasingly open Internet environment. The essential task of malware analysis is to extract the characteristics of malware in order to supply signatures to detection systems and provide evidence for recovery and cleanup. The focal point of malware analysis is how to detect malicious behaviors versus how to hide the malware analyzer from the malware during runtime. In this paper, we propose an approach called Malware Gene Topology Model (MGeT), inspired by Biotechnological Genomics, that can quickly detect potential malware in a large amount of software or execution code, including metamorphic or new variants of malware. Instead of extracting signatures from the malware at the execution-file level or the operating-system level, we identify the key malicious behaviors of malware from the underlying instructions, which we name the malware Gene. We evaluate our method on real-world datasets, and the results demonstrate its advantages over previous studies, validating the contribution of our method.

Cited By

  • (2022) A Malware Classification Method based on Attentive Bidirectional Model. 2022 7th International Conference on Intelligent Computing and Signal Processing (ICSP). 10.1109/ICSP54964.2022.9778322 (1362-1369). Online publication date: 15-Apr-2022
  • (2022) A PV-DM-based feature fusion method for binary malware clustering. 2022 4th International Conference on Communications, Information System and Computer Engineering (CISCE). 10.1109/CISCE55963.2022.9851172 (114-118). Online publication date: 27-May-2022
  • (2021) RansomLens: Understanding Ransomware via Causality Analysis on System Provenance Graph. Science of Cyber Security. 10.1007/978-3-030-89137-4_18 (252-267). Online publication date: 10-Oct-2021

Information & Contributors

Information

Published In

ICCSP '17: Proceedings of the 2017 International Conference on Cryptography, Security and Privacy
March 2017
153 pages
ISBN: 9781450348676
DOI: 10.1145/3058060
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

In-Cooperation

  • Wuhan Univ.: Wuhan University, China

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Malware Gene
  2. Malware analysis
  3. Security and Protection

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ICCSP '17

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months): 6
  • Downloads (Last 6 weeks): 0
Reflects downloads up to 23 Dec 2024

Citations

Cited By

  • (2020) A Malware Classification Method Based on the Capsule Network. Machine Learning for Cyber Security. 10.1007/978-3-030-62223-7_4 (35-49). Online publication date: 11-Nov-2020
