M. Bernardi, Marta Cimitile, F. Martinelli, F. Mercaldo
DOI: 10.1109/FUZZ-IEEE.2017.8015490 (https://doi.org/10.1109/FUZZ-IEEE.2017.8015490)
Venue: 2017 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE)
Publication date: 2017-07-01
Citation count: 12 (Semantic Scholar); not open access
A fuzzy-based process mining approach for dynamic malware detection
Mobile systems have become essential for communication and productivity, but they are also becoming the target of continuous malware attacks. New malware is often obtained as a variant of existing malicious code. This work describes an approach for dynamic malware detection based on the combination of Process Mining (PM) and Fuzzy Logic (FL) techniques. The former is used to characterize the behavior of an application, identifying recurring executions expressed as a set of declarative constraints between system calls. Fuzzy logic is used to classify the analyzed malware applications and to verify their relations with existing malware variants. The combination of the two techniques yields a fingerprint of an application that is used to verify its maliciousness or trustworthiness, to establish whether it belongs to a known malware family, and to identify the differences between the detected malware behavior and the other variants of the same malware family. The approach is applied to a dataset of 3000 trusted and malicious applications across twelve malware families and has shown a very good discrimination ability that can be exploited for malware detection and family identification.