{"title":"Performance Evaluation of String Based Malware Detection Methods","authors":"Fahad Mira, Wei Huang","doi":"10.23919/IConAC.2018.8749096","DOIUrl":null,"url":null,"abstract":"Conventional signature-based malware detection techniques have been used for many years because of their high detection rates and low false positive rates. However, signature-based detection techniques are regarded as ineffective due to their inability to detect unseen, new, polymorphic and metamorphic malware. To affect the weaknesses of the signature-based detection techniques, researchers have turned into behavioural-based detection techniques whereby a malware behavioural is constructed by capturing malware API calls during execution. In this context, API call sequences matching techniques are widely used to compute malware similarities. However, API call sequences matching techniques require large processing resources which make the process slow due to computational complexity and therefore, cannot scale to large API call sequences. To mitigate its problem, Longest Common Substring and Longest Common Subsequence have been used in this paper for strings matching in order to detect malware and their variants. In this paper we evaluate these two algorithms in the context of malware detection rate and false alarm rate.","PeriodicalId":121030,"journal":{"name":"2018 24th International Conference on Automation and Computing (ICAC)","volume":"28 1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 24th International Conference on Automation and Computing (ICAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/IConAC.2018.8749096","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Performance Evaluation of String Based Malware Detection Methods
Conventional signature-based malware detection techniques have been used for many years because of their high detection rates and low false positive rates. However, signature-based detection techniques are regarded as ineffective due to their inability to detect unseen, new, polymorphic and metamorphic malware. To address the weaknesses of signature-based detection, researchers have turned to behaviour-based detection techniques, whereby a malware behavioural profile is constructed by capturing the malware's API calls during execution. In this context, API call sequence matching techniques are widely used to compute malware similarities. However, API call sequence matching techniques require large processing resources, which makes the process slow due to computational complexity, and therefore cannot scale to large API call sequences. To mitigate this problem, Longest Common Substring and Longest Common Subsequence have been used in this paper for string matching in order to detect malware and their variants. In this paper we evaluate these two algorithms in terms of malware detection rate and false alarm rate.