Title: MGeT: Malware Gene-Based Malware Dynamic Analyses
Authors: Jianwei Ding, Zhouguo Chen, Yue Zhao, Hong Su, Yubin Guo, Enbo Sun
DOI: 10.1145/3058060.3058065 (https://doi.org/10.1145/3058060.3058065)
Venue: International Conference on Cryptography, Security and Privacy
Published: 2017-03-17
Citations: 5
Abstract
Malware, whether malicious software, applications, or executable code, has become the centerpiece of most security threats in today's open and ever-changing Internet environment. The essential task of malware analysis is to extract the characteristics of malware, both to supply signatures to detection systems and to provide evidence for recovery and cleanup. The focal point of malware analysis is how to detect malicious behaviors and, at the same time, how to hide the analyzer from the malware at runtime. In this paper, we propose an approach called the Malware Gene Topology Model (MGeT), inspired by genomics, that can quickly detect potential malware in a large volume of software or executable code, including metamorphic or new variants of malware. Instead of extracting signatures from the malware at the executable-file level or the operating-system level, we identify the key malicious behaviors of malware from the underlying instructions, which we call malware genes. We evaluate our method on real-world datasets; the results demonstrate the advantages of our method over previous studies, validating its contribution.
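The abstract describes the core idea only at a high level: derive malware "genes" from the underlying instructions rather than from file-level or OS-level signatures, so that metamorphic variants still match. The following Python sketch is an added illustration of that idea and is not the authors' MGeT implementation (the abstract gives no algorithmic detail). It assumes a simple instruction-level gene: an operand-normalized instruction n-gram. Register renaming, junk-instruction insertion, and label renaming are the only metamorphic transformations modelled, and the three x86 listings (a base sample, a variant of it, and a benign routine) are constructed toy disassembly, not real samples.

```python
"""
Added illustration (not the MGeT implementation): treat short, operand-
normalized instruction n-grams as "genes" and compare samples by gene
overlap. All listings below are constructed toy disassembly, not real malware.
"""
import re

# Constructed toy listing (assumed Intel syntax): XOR-decode a 256-byte
# buffer, then call CreateRemoteThread. Not a real sample.
BASE = """
push ebp
mov ebp, esp
mov eax, [ebp+8]
xor ecx, ecx
loop_top:
xor byte ptr [eax+ecx], 0x5A
inc ecx
cmp ecx, 0x100
jl loop_top
call CreateRemoteThread
pop ebp
ret
"""

# Constructed metamorphic variant of BASE: registers renamed, junk
# instructions (nop, mov esi, esi) inserted, label renamed. Same behaviour.
VARIANT = """
push ebp
mov ebp, esp
nop
mov ebx, [ebp+8]
xor edx, edx
nop
l1:
xor byte ptr [ebx+edx], 0x5A
inc edx
mov esi, esi
cmp edx, 0x100
jl l1
call CreateRemoteThread
pop ebp
ret
"""

# Constructed benign routine for comparison: sums a dword array.
BENIGN = """
push ebp
mov ebp, esp
mov eax, [ebp+8]
mov ecx, [ebp+12]
xor edx, edx
sum_top:
add edx, [eax]
add eax, 4
dec ecx
jnz sum_top
mov eax, edx
pop ebp
ret
"""

JUNK = {"nop"}  # assumed junk mnemonics to drop
REG_RE = re.compile(r"\b(e?[abcd]x|e?[sd]i|e?[sb]p|[abcd][lh])\b")
IMM_RE = re.compile(r"\b0x[0-9a-fA-F]+\b|\b\d+\b")


def _same_operands(operands: str) -> bool:
    """True for self-moves such as 'mov esi, esi' (a no-op used as junk)."""
    parts = [p.strip() for p in operands.split(",")]
    return len(parts) == 2 and parts[0] == parts[1]


def normalize(listing: str) -> list[str]:
    """Turn a listing into a stream of normalized instructions: drops labels
    and junk, abstracts registers to REG, immediates to IMM and jump targets
    to LABEL, so register renaming and relabelling do not change the gene."""
    out = []
    for raw in listing.splitlines():
        line = raw.strip().lower()
        if not line or line.endswith(":"):
            continue
        mnemonic, _sep, operands = line.partition(" ")
        if mnemonic in JUNK or (mnemonic == "mov" and _same_operands(operands)):
            continue
        if mnemonic.startswith("j"):
            operands = "LABEL"
        operands = IMM_RE.sub("IMM", REG_RE.sub("REG", operands))
        out.append(f"{mnemonic} {operands}".strip())
    return out


def genes(listing: str, n: int = 3) -> set[tuple[str, ...]]:
    """Instruction n-grams over the normalized stream; each is one 'gene'."""
    ins = normalize(listing)
    return {tuple(ins[i:i + n]) for i in range(len(ins) - n + 1)}


def similarity(a: str, b: str, n: int = 3) -> float:
    """Jaccard overlap of the two gene sets; 1.0 means identical gene content."""
    ga, gb = genes(a, n), genes(b, n)
    if not ga and not gb:
        return 1.0
    return len(ga & gb) / len(ga | gb)


def matches_family(sample: str, reference: str, threshold: float = 0.6) -> bool:
    """Flag a sample when it shares enough genes with a known reference."""
    return similarity(sample, reference) >= threshold


if __name__ == "__main__":
    print("variant vs base :", round(similarity(BASE, VARIANT), 3))  # 1.0
    print("benign  vs base :", round(similarity(BASE, BENIGN), 3))   # ~0.056
```

The variant scores identically to the base sample because every transformation applied to it is undone by normalization, while the benign routine shares only the function prologue gene. A real system would need to handle instruction reordering, opaque predicates and equivalent-instruction substitution as well, which this sketch deliberately does not model.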