Malware detection based on hybrid signature behavior application programming interface call graph

Problem statement: Malware is a program written with malicious intent. Malware authors now apply sophisticated techniques such as packing and obfuscation to evade detection, which makes zero-day attacks and false positives the most challenging problems in the malware detection field. Approach: This study surveys the static and dynamic analysis techniques used in malware detection. Static analysis, dynamic analysis and their combination, including signature-based and behaviour-based techniques, are discussed. Results: In addition, a new malware detection framework is proposed. Conclusion: The proposed framework combines signature-based with behaviour-based detection using an API call graph system. Its goal is to improve both the accuracy and the scan time of malware detection.
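To make the hybrid idea concrete, the following is an added toy detector written for this page; it is not the paper's framework or code. It runs an exact hash signature lookup first and, on a miss, reduces a dynamic API trace to a call graph over a set of "critical" APIs and compares it with known behaviour graphs. The API names, the critical-API list, the sample bytes, the traces and the 0.75 threshold are all constructed assumptions chosen for the demonstration.

```python
"""Toy hybrid detector: exact hash signature first, API call graph behaviour match second.

Added illustrative example, not the paper's framework. API names, traces, sample
bytes, the critical-API list and the threshold are all constructed assumptions.
"""
import hashlib
from typing import FrozenSet, List, Tuple

Edge = Tuple[str, str]

# Constructed list of APIs whose ordering we treat as behaviourally meaningful.
# Non-critical calls (Sleep, GetTickCount, IsDebuggerPresent, ...) are dropped,
# so junk-call insertion by a packer does not change the resulting graph.
CRITICAL_APIS = frozenset({
    "InternetOpenW", "InternetOpenUrlW", "InternetReadFile",
    "CreateFileW", "WriteFile", "RegSetValueExW", "CreateProcessW",
    "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
})


def build_api_graph(trace: List[str]) -> FrozenSet[Edge]:
    """Reduce an ordered API trace to a set of directed edges between critical calls.

    Each consecutive pair of critical calls (a, b) becomes an edge a -> b;
    duplicates collapse, so the graph records which call follows which, not counts.
    """
    critical = [api for api in trace if api in CRITICAL_APIS]
    return frozenset(zip(critical, critical[1:]))


def graph_similarity(g1: FrozenSet[Edge], g2: FrozenSet[Edge]) -> float:
    """Jaccard similarity of two edge sets: 0.0 = no shared edges, 1.0 = identical.

    A cheap stand-in for graph edit distance, sufficient to show the idea.
    """
    if not g1 and not g2:
        return 1.0
    return len(g1 & g2) / len(g1 | g2)


# --- constructed "known malware" sample: downloader that drops, persists, launches ---
ORIGINAL_BYTES = b"MZ\x90\x00constructed-downloader-v1"
ORIGINAL_TRACE = [
    "InternetOpenW", "InternetOpenUrlW", "InternetReadFile",
    "CreateFileW", "WriteFile", "RegSetValueExW", "CreateProcessW",
]

# Signature database: exact SHA-256 of the known sample (fast path) ...
KNOWN_HASHES = {hashlib.sha256(ORIGINAL_BYTES).hexdigest(): "downloader.family_a"}
# ... and the behaviour graph extracted from its trace (slow path).
KNOWN_BEHAVIOUR_GRAPHS = {"downloader.family_a": build_api_graph(ORIGINAL_TRACE)}

# Constructed repacked variant: bytes differ, junk/anti-debug calls interleaved.
PACKED_BYTES = b"MZ\x90\x00constructed-downloader-v1-repacked"
PACKED_TRACE = [
    "GetTickCount", "IsDebuggerPresent", "InternetOpenW", "Sleep",
    "InternetOpenUrlW", "InternetReadFile", "GetTickCount", "CreateFileW",
    "WriteFile", "Sleep", "RegSetValueExW", "CreateProcessW",
]

# Constructed benign updater: downloads and writes a file but neither persists
# via the registry nor launches anything.
BENIGN_BYTES = b"MZ\x90\x00constructed-updater"
BENIGN_TRACE = [
    "InternetOpenW", "InternetOpenUrlW", "InternetReadFile",
    "CreateFileW", "WriteFile", "CloseHandle",
]


def detect(sample_bytes: bytes, trace: List[str],
           threshold: float = 0.75) -> Tuple[str, str, str, float]:
    """Return (verdict, stage, family, score).

    Stage 1: exact hash lookup (cheap, no false positives, misses repacked files).
    Stage 2: compare the sample's API graph with each known behaviour graph and
    flag the sample when the best similarity reaches the threshold.
    """
    digest = hashlib.sha256(sample_bytes).hexdigest()
    if digest in KNOWN_HASHES:
        return "malicious", "signature", KNOWN_HASHES[digest], 1.0

    graph = build_api_graph(trace)
    best_family, best_score = "", 0.0
    for family, known in KNOWN_BEHAVIOUR_GRAPHS.items():
        score = graph_similarity(graph, known)
        if score > best_score:
            best_family, best_score = family, score
    verdict = "malicious" if best_score >= threshold else "clean"
    return verdict, "behaviour", best_family, best_score


if __name__ == "__main__":
    for label, data, trace in [("original", ORIGINAL_BYTES, ORIGINAL_TRACE),
                               ("repacked", PACKED_BYTES, PACKED_TRACE),
                               ("benign updater", BENIGN_BYTES, BENIGN_TRACE)]:
        verdict, stage, family, score = detect(data, trace)
        print(f"{label:15s} -> {verdict:9s} via {stage:9s} {family} ({score:.2f})")
```

The original sample is caught by the hash alone. The repacked variant misses the hash because its bytes differ, but after dropping the junk calls its critical-API graph is identical to the stored one, so it scores 1.0 and is flagged by behaviour. The benign updater shares the download-and-write edges and scores 4/6, which is below the 0.75 threshold, so it stays clean; lower the threshold to 0.6 and it becomes a false positive, which is exactly the trade-off the abstract points at. A plain edge-Jaccard also breaks down when independent calls are reordered, which is why practical systems use weighted or approximate graph matching rather than this simple measure.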
