Synthesizing near-optimal malware specifications from suspicious behaviors

2013 8th International Conference on Malicious and Unwanted Software: "The Americas" (MALWARE) Pub Date : 2013-10-01 DOI:10.1109/MALWARE.2013.6703684

S. Jha, Matt Fredrikson, Mihai Christodorescu, R. Sailer, Xifeng Yan

{"title":"Synthesizing near-optimal malware specifications from suspicious behaviors","authors":"S. Jha, Matt Fredrikson, Mihai Christodorescu, R. Sailer, Xifeng Yan","doi":"10.1109/MALWARE.2013.6703684","DOIUrl":null,"url":null,"abstract":"Behavior-based detection techniques are a promising solution to the problem of malware proliferation. However, they require precise specifications of malicious behavior that do not result in an excessive number of false alarms, while still remaining general enough to detect new variants before traditional signatures can be created and distributed. In this paper, we present an automatic technique for extracting optimally discriminative specifications, which uniquely identify a class of programs. Such a discriminative specification can be used by a behavior-based malware detector. Our technique, based on graph mining and stochastic optimization, scales to large classes of programs. When this work was originally published, the technique yielded favorable results on malware targeted towards workstations (~86% detection rates on new malware). We believe that it can be brought to bear on emerging malware-based threats for new platforms, and discuss several promising avenues for future work in this direction.","PeriodicalId":325281,"journal":{"name":"2013 8th International Conference on Malicious and Unwanted Software: \"The Americas\" (MALWARE)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 8th International Conference on Malicious and Unwanted Software: \"The Americas\" (MALWARE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MALWARE.2013.6703684","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 19

Abstract

Behavior-based detection techniques are a promising solution to the problem of malware proliferation. However, they require precise specifications of malicious behavior that do not result in an excessive number of false alarms, while still remaining general enough to detect new variants before traditional signatures can be created and distributed. In this paper, we present an automatic technique for extracting optimally discriminative specifications, which uniquely identify a class of programs. Such a discriminative specification can be used by a behavior-based malware detector. Our technique, based on graph mining and stochastic optimization, scales to large classes of programs. When this work was originally published, the technique yielded favorable results on malware targeted towards workstations (~86% detection rates on new malware). We believe that it can be brought to bear on emerging malware-based threats for new platforms, and discuss several promising avenues for future work in this direction.

查看原文本刊更多论文

从可疑行为中合成近乎最佳的恶意软件规格

基于行为的检测技术是解决恶意软件扩散问题的一种很有前途的方法。然而，它们需要对恶意行为进行精确的规范，以避免产生过多的假警报，同时保持足够的通用性，以便在创建和分发传统签名之前检测到新的变体。在本文中，我们提出了一种自动提取最优判别规范的技术，该技术可以唯一地标识一类程序。这种判别规范可用于基于行为的恶意软件检测器。我们的技术，基于图挖掘和随机优化，扩展到大类别的程序。当这项工作最初发表时，该技术对针对工作站的恶意软件产生了有利的结果(对新恶意软件的检测率约为86%)。我们相信它可以用来应对新平台上基于恶意软件的威胁，并讨论了未来在这个方向上工作的几个有希望的途径。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 8th International Conference on Malicious and Unwanted Software: "The Americas" (MALWARE)

自引率

0.00%

发文量