Malware Detection Based on Suspicious Behavior Identification

With the popularization of computers, and especially the wide use of the Internet, malicious code has in recent years become a serious threat. In this paper, by analyzing the suspicious behaviors of malicious programs through their function calls, we present an approach to malware detection based on extracting representative characteristics and systematically describing the suspicious behaviors indicated by sequences of Windows API calls. Using function-call and control-flow analysis to identify suspicious behavior, the technique implements a strategy for detecting malicious binary executables.
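To make the approach concrete, the following is an added example, not code from the paper: it describes suspicious behaviours as ordered Windows API call sequences, recovers the call sequence along every simple path of a small control-flow graph, and reports a sample as malicious when enough distinct behaviours are observed. The behaviour patterns, the two toy control-flow graphs and the threshold are constructed assumptions; the API names are real Win32 functions, but their grouping is illustrative and is not the paper's characteristic set.

```python
from typing import Dict, List, Sequence, Tuple

# Hypothetical suspicious-behaviour descriptions (assumption, not the paper's set):
# each is an ordered tuple of Win32 API names that, observed in this order along a
# control-flow path, indicates the named behaviour.
BEHAVIOURS: Dict[str, Tuple[str, ...]] = {
    "self_replication": ("GetModuleFileNameA", "CopyFileA"),
    "persistence_via_run_key": ("RegOpenKeyExA", "RegSetValueExA"),
    "remote_code_injection": (
        "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
    ),
    "download_and_execute": (
        "InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "CreateProcessA",
    ),
}

# A control-flow graph is modelled as: block name -> (API calls made in the block,
# successor block names). Both graphs below are constructed samples.
CFG = Dict[str, Tuple[List[str], List[str]]]

MALICIOUS_CFG: CFG = {
    "entry": (["GetModuleFileNameA"], ["check", "exit"]),
    "check": ([], ["copy", "exit"]),
    "copy": (["CopyFileA", "RegOpenKeyExA", "RegSetValueExA"], ["inject"]),
    "inject": (["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                "CreateRemoteThread"], ["exit"]),
    "exit": (["ExitProcess"], []),
}

BENIGN_CFG: CFG = {
    "entry": (["RegOpenKeyExA", "RegQueryValueExA", "RegCloseKey"], ["work"]),
    "work": (["CreateFileA", "ReadFile", "WriteFile", "CloseHandle"], ["exit"]),
    "exit": (["ExitProcess"], []),
}


def call_sequences(cfg: CFG, entry: str = "entry") -> List[List[str]]:
    """Enumerate the API-call sequence along every simple (cycle-free) path from
    `entry` to a block with no successors. Loops are not re-entered, so the number
    of paths stays finite."""
    results: List[List[str]] = []

    def walk(block: str, on_path: frozenset, calls: List[str]) -> None:
        calls = calls + cfg[block][0]
        successors = cfg[block][1]
        if not successors:
            results.append(calls)
            return
        for nxt in successors:
            if nxt not in on_path:
                walk(nxt, on_path | {nxt}, calls)

    walk(entry, frozenset([entry]), [])
    return results


def matches_in_order(calls: Sequence[str], pattern: Sequence[str]) -> bool:
    """True if every API in `pattern` occurs in `calls` in the same relative order;
    unrelated calls may be interleaved. Order matters: CopyFileA before
    GetModuleFileNameA does not match self_replication."""
    i = 0
    for call in calls:
        if i < len(pattern) and call == pattern[i]:
            i += 1
    return i == len(pattern)


def identify_behaviours(cfg: CFG, behaviours: Dict[str, Tuple[str, ...]] = BEHAVIOURS) -> List[str]:
    """Return the names of behaviours whose pattern matches on at least one path."""
    paths = call_sequences(cfg)
    return [name for name, pattern in behaviours.items()
            if any(matches_in_order(path, pattern) for path in paths)]


def classify(cfg: CFG, threshold: int = 2) -> Tuple[str, List[str]]:
    """Label a sample. A single behaviour (e.g. writing a registry value) is common in
    benign software, so a verdict requires `threshold` distinct behaviours."""
    found = identify_behaviours(cfg)
    return ("malicious" if len(found) >= threshold else "benign", found)


if __name__ == "__main__":
    for label, cfg in (("sample A", MALICIOUS_CFG), ("sample B", BENIGN_CFG)):
        verdict, found = classify(cfg)
        print(f"{label}: {verdict} {found}")
```

The threshold is the practitioner's tuning knob: raising it trades missed detections for fewer false positives on installers and updaters that legitimately copy themselves or set run keys, and the ordered-subsequence match is deliberately tolerant of unrelated calls interleaved by the compiler or by library code.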
