Maximal frequent sub-graph mining for malware detection

Aya Hellal, L. Romdhane
DOI: 10.1109/ISDA.2015.7489265 (https://doi.org/10.1109/ISDA.2015.7489265)
Published in: 2015 15th International Conference on Intelligent Systems Design and Applications (ISDA)
Publication date: 2015-12-01
Citation count: 2

Abstract

Malware detection has been one of the computer security topics of greatest current interest. Traditional signature-based malware detection fails to detect variants of known malware or previously unseen malware. To deal with this issue, machine learning and data mining methods have been widely used to counter the obfuscation techniques of attackers by examining the underlying behavior of suspected malware. However, these methods still suffer from the large number of extracted features and the lack of precise specifications, which adversely affects both scanning time and the accuracy of the malware detection process. In this paper, we present an automatic detection method based on graph mining techniques. Maximal frequent subgraphs in a set of code graphs, representing common behaviors with precise specifications in executable files, are extracted and used as features to generate semantic signatures. These semantic signatures are represented by a set of learning models and employed to distinguish malware programs from benign ones. Experimental results indicate that our method extracts a limited number of interesting features and achieves effective malware detection.