Performance Evaluation of String Based Malware Detection Methods

2018 24th International Conference on Automation and Computing (ICAC) Pub Date : 2018-09-01 DOI:10.23919/IConAC.2018.8749096

Fahad Mira, Wei Huang

{"title":"Performance Evaluation of String Based Malware Detection Methods","authors":"Fahad Mira, Wei Huang","doi":"10.23919/IConAC.2018.8749096","DOIUrl":null,"url":null,"abstract":"Conventional signature-based malware detection techniques have been used for many years because of their high detection rates and low false positive rates. However, signature-based detection techniques are regarded as ineffective due to their inability to detect unseen, new, polymorphic and metamorphic malware. To affect the weaknesses of the signature-based detection techniques, researchers have turned into behavioural-based detection techniques whereby a malware behavioural is constructed by capturing malware API calls during execution. In this context, API call sequences matching techniques are widely used to compute malware similarities. However, API call sequences matching techniques require large processing resources which make the process slow due to computational complexity and therefore, cannot scale to large API call sequences. To mitigate its problem, Longest Common Substring and Longest Common Subsequence have been used in this paper for strings matching in order to detect malware and their variants. In this paper we evaluate these two algorithms in the context of malware detection rate and false alarm rate.","PeriodicalId":121030,"journal":{"name":"2018 24th International Conference on Automation and Computing (ICAC)","volume":"28 1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 24th International Conference on Automation and Computing (ICAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/IConAC.2018.8749096","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Conventional signature-based malware detection techniques have been used for many years because of their high detection rates and low false positive rates. However, signature-based detection techniques are regarded as ineffective due to their inability to detect unseen, new, polymorphic and metamorphic malware. To affect the weaknesses of the signature-based detection techniques, researchers have turned into behavioural-based detection techniques whereby a malware behavioural is constructed by capturing malware API calls during execution. In this context, API call sequences matching techniques are widely used to compute malware similarities. However, API call sequences matching techniques require large processing resources which make the process slow due to computational complexity and therefore, cannot scale to large API call sequences. To mitigate its problem, Longest Common Substring and Longest Common Subsequence have been used in this paper for strings matching in order to detect malware and their variants. In this paper we evaluate these two algorithms in the context of malware detection rate and false alarm rate.

查看原文本刊更多论文

基于字符串的恶意软件检测方法性能评估

传统的基于签名的恶意软件检测技术由于其高检出率和低误报率已经被使用了很多年。然而，基于签名的检测技术被认为是无效的，因为它们无法检测到看不见的、新的、多态的和变形的恶意软件。为了弥补基于签名的检测技术的弱点，研究人员转向了基于行为的检测技术，通过在执行过程中捕获恶意软件API调用来构建恶意软件的行为。在这种情况下，API调用序列匹配技术被广泛用于计算恶意软件的相似性。然而，API调用序列匹配技术需要大量的处理资源，由于计算复杂性使得过程缓慢，因此无法扩展到大型API调用序列。为了解决这个问题，本文使用了最长公共子串和最长公共子序列来进行字符串匹配，以检测恶意软件及其变体。本文从恶意软件检测率和虚警率两个方面对这两种算法进行了评价。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 24th International Conference on Automation and Computing (ICAC)

自引率

0.00%

发文量