A Behavior-Based Approach for Malware Detection

Malware is the fastest-growing threat to information technology systems. Although a single, absolute solution for defeating malware is improbable, a layered arsenal against malicious software improves the ability to maintain security and privacy. This research attempts to reinforce the anti-malware arsenal by studying a behavioral activity common to software: the use of handles to operating-system objects. The characteristics of handle usage by benign and malicious software are extracted and exploited in an effort to distinguish between the two classes. An automated malware detection mechanism is presented that combines memory forensics, information retrieval and machine learning techniques. Experimentation with a malware dataset yields a malware detection rate of 91.4%, with precision and recall of 89.8% and 91.1%, respectively.
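The pipeline the abstract sketches (handle tables recovered from a memory image, turned into information-retrieval style feature vectors, then classified) can be shown end to end on a toy scale. The Python below is an added example, not the paper's code or dataset: the handle rows imitate the text layout of the Volatility 2 `handles` plugin, every row, PID and label is constructed, and the features (handle type plus words of the object name, tf-idf weighted) and the cosine k-nearest-neighbour classifier are assumptions standing in for whatever the paper actually used. The perfect score on four held-out processes is an artefact of the tiny constructed set and says nothing about the 91.4% reported above.

```python
"""Handle-usage malware classifier: handle tables from a memory image -> tf-idf -> kNN vote.
Added example, not the paper's code. Rows mimic the text layout of the Volatility 2 `handles`
plugin (Offset(V), Pid, Handle, Access, Type, Details); every row, PID and label is constructed,
and the feature set (handle type plus words of the object name) is an assumption, not the paper's."""
import math
import re
from collections import Counter, defaultdict

# Constructed training rows: three benign processes (1204, 1880, 2212), three malicious.
TRAIN_HANDLES = r"""
0xfffffa80012a1b60   1204   0x4      0x100020 File             \Device\HarddiskVolume1\Windows\System32\en-US\notepad.exe.mui
0xfffffa80012a1c70   1204   0x8      0x20019  Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FONTLINK
0xfffffa80012a1d80   1204   0xc      0x1f0003 Event
0xfffffa80013b2a10   1880   0x4      0x100020 File             \Device\HarddiskVolume1\Windows\Fonts
0xfffffa80013b2b20   1880   0x8      0x20019  Key              USER\.DEFAULT\CONTROL PANEL\DESKTOP
0xfffffa80013b2c30   1880   0xc      0xf0007  Section
0xfffffa80014c3f40   2212   0x4      0x100020 File             \Device\HarddiskVolume1\Users\alice\Documents
0xfffffa80014c4050   2212   0x8      0x3      Directory        \KnownDlls
0xfffffa80014c4160   2212   0xc      0xf037f  WindowStation    \Sessions\1\Windows\WindowStations\WinSta0
0xfffffa80021d5e70   3316   0x4      0x1fffff Process          lsass.exe(520)
0xfffffa80021d5f80   3316   0x8      0x1fffff Thread           TID 1796 PID 520
0xfffffa80021d6090   3316   0xc      0x1f0001 Mutant           \BaseNamedObjects\Global\__updater_lock
0xfffffa80022e6a00   3400   0x4      0x1fffff Process          explorer.exe(1500)
0xfffffa80022e6b10   3400   0x8      0x1fffff Thread           TID 2088 PID 1500
0xfffffa80022e6c20   3400   0xc      0x12019f File             \Device\Afd
0xfffffa80023f7b30   3488   0x4      0xf003f  Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
0xfffffa80023f7c40   3488   0x8      0x12019f File             \Device\Afd
0xfffffa80023f7d50   3488   0xc      0x1f0001 Mutant           \BaseNamedObjects\Global\__updater_lock
"""
TRAIN_LABELS = {1204: "benign", 1880: "benign", 2212: "benign",
                3316: "malicious", 3400: "malicious", 3488: "malicious"}

# Constructed held-out processes; TEST_LABELS is ground truth used only for scoring.
TEST_HANDLES = r"""
0xfffffa80031a1000   4012   0x4      0x100020 File             \Device\HarddiskVolume1\Windows\System32\calc.exe
0xfffffa80031a1110   4012   0x8      0x20019  Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION
0xfffffa80031a1220   4012   0xc      0x1f0003 Event
0xfffffa80032b2000   4100   0x4      0x3      Directory        \KnownDlls
0xfffffa80032b2110   4100   0x8      0xf0007  Section
0xfffffa80032b2220   4100   0xc      0xf037f  WindowStation    \Sessions\1\Windows\WindowStations\WinSta0
0xfffffa80033c3000   4580   0x4      0x1fffff Process          lsass.exe(520)
0xfffffa80033c3110   4580   0x8      0x1fffff Thread           TID 1796 PID 520
0xfffffa80033c3220   4580   0xc      0x12019f File             \Device\Afd
0xfffffa80034d4000   4660   0x4      0x1f0001 Mutant           \BaseNamedObjects\Global\__updater_lock
0xfffffa80034d4110   4660   0x8      0xf003f  Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
0xfffffa80034d4220   4660   0xc      0x1fffff Thread           TID 3104 PID 1500
"""
TEST_LABELS = {4012: "benign", 4100: "benign", 4580: "malicious", 4660: "malicious"}
ROW = re.compile(r"^\s*0x[0-9a-f]+\s+(\d+)\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+(\w+)\s*(.*?)\s*$", re.I)

def parse_handles(text):
    """Map each PID to its bag of handle features; non-row lines (header, blank) are skipped."""
    docs = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        pid, htype, details = int(m[1]), m[2], m[3]
        docs[pid].append("type:" + htype)                      # the kernel object type
        docs[pid] += ["name:" + w for w in re.findall(r"[a-z0-9]{3,}", details.lower())]
    return dict(docs)

class HandleKNN:
    """tf-idf weighting of handle features plus a cosine k-nearest-neighbour vote."""
    def __init__(self, k=3):
        self.k, self.idf, self.idf_unseen, self.train = k, {}, 1.0, []

    def _vector(self, tokens):
        weights = {t: c * self.idf.get(t, self.idf_unseen) for t, c in Counter(tokens).items()}
        norm = math.sqrt(sum(w * w for w in weights.values())) or 1.0
        return {t: w / norm for t, w in weights.items()}     # unit length: dot product == cosine

    def fit(self, docs, labels):
        n = len(docs)
        df = Counter(t for toks in docs.values() for t in set(toks))          # document frequency
        self.idf = {t: math.log((1 + n) / (1 + c)) + 1 for t, c in df.items()}  # smoothed idf
        self.idf_unseen = math.log(1 + n) + 1                                 # df == 0 at test time
        self.train = [(self._vector(toks), labels[pid]) for pid, toks in docs.items()]
        return self

    def predict(self, tokens):
        q = self._vector(tokens)
        sims = [(sum(q[t] * v[t] for t in q.keys() & v.keys()), label) for v, label in self.train]
        votes = Counter(label for _, label in sorted(sims, reverse=True)[: self.k])
        return votes.most_common(1)[0][0]

def precision_recall(truth, predicted, positive="malicious"):
    tp = sum(truth[p] == positive and predicted[p] == positive for p in truth)
    fp = sum(truth[p] != positive and predicted[p] == positive for p in truth)
    fn = sum(truth[p] == positive and predicted[p] != positive for p in truth)
    return (tp / (tp + fp) if tp + fp else 0.0, tp / (tp + fn) if tp + fn else 0.0)

def run_demo(k=3):
    clf = HandleKNN(k).fit(parse_handles(TRAIN_HANDLES), TRAIN_LABELS)
    predicted = {pid: clf.predict(toks) for pid, toks in parse_handles(TEST_HANDLES).items()}
    return predicted, precision_recall(TEST_LABELS, predicted)

if __name__ == "__main__":
    print(run_demo())
```

Precision and recall are computed exactly as the abstract reports them, with "malicious" as the positive class. Two limits of the approach are visible even at this scale: a memory image records only the handles open at acquisition time, so short-lived handles never enter the feature vector, and the idf weighting leans on object names (the `Run` key, `\Device\Afd`, the mutant name) that a real dataset would need far more samples to weight reliably.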
