Hengli Zhao, Ning Zheng, Jun Yu Li, J. Yao, Qiang Hou
Published in: 2009 International Conference on Management of e-Commerce and e-Government (2009-09-16). DOI: 10.1109/ICMECG.2009.114
Unknown Malware Detection Based on the Full Virtualization and SVM
Malware has become the centerpiece of security threats to e-commerce businesses. The focus of malware research is shifting from matching signature patterns to identifying malicious behavior patterns. Many researchers extract behavior patterns from system call sequences and use data mining techniques to distinguish malware from benign programs. Most system call tracing tools must run alongside the malware in the same system environment and can therefore be easily detected by the malware. In this paper, we propose a new system call tracing system based on full virtualization via Intel VT technology. Malicious samples run in a guest OS and cannot detect the system call tracing tool, which runs in the host OS. We collect a system call trace data set from 1226 malicious and 587 benign executables. An experiment based on an SVM model shows that the proposed method can detect malware with strong resilience and high accuracy.