论文信息 - Dynamic behavior evaluation for malware detection

Dynamic behavior evaluation for malware detection

The number of malicious applications, their diversity and complexity is continuously growing. To provide the best protection against these advanced threats, there is a need to develop proactive detection solutions, that are able to detect malware based on their behavior. One of the essential concerns when developing such solutions is identifying specific actions based on which malicious applications will be detected. Almost all actions commonly performed by malware can also be encountered in the behavior of clean applications, making it necessary to develop a scoring engine able to evaluate the potential malicious behavior of a process, based on its entire set of actions. We propose a set of dynamic behavior evaluation concepts that should be considered by any proactive security researcher. Using these concepts we developed a scoring engine for a behavior-based solution that has a high detection rate, a small number of false positives, and is highly adaptable and extensible.

Alexandra Mondoc | Octavian Creţ | Gheorghe Hăjmăşan

[1] Yoseba K. Penya,et al. Automatic Behaviour-based Analysis and Classification System for Malware Detection , 2010, ICEIS.

[2] Alexander Pretschner,et al. Malware detection with quantitative data flow graphs , 2014, AsiaCCS.

[3] Guofei Gu,et al. Shadow attacks: automatically evading system-call-behavior based malware detection , 2011, Journal in Computer Virology.

[4] Carsten Willems,et al. Learning and Classification of Malware Behavior , 2008, DIMVA.

[5] Christopher Krügel,et al. A survey on automated dynamic malware-analysis techniques and tools , 2012, CSUR.

[6] Bazara I. A. Barry,et al. Improving the Detection of Malware Behaviour Using Simplified Data Dependent API Call Graph , 2013 .

[7] Byung Ro Moon,et al. Malware detection based on dependency graph using hybrid genetic algorithm , 2010, GECCO '10.

[8] Bülent Yener,et al. AVLeak: Fingerprinting Antivirus Emulators through Black-Box Testing , 2016, WOOT.

[9] Somesh Jha,et al. Semantics-aware malware detection , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[10] Ricardo J. Rodríguez,et al. Detection of Intrusions and Malware, and Vulnerability Assessment , 2016, Lecture Notes in Computer Science.