A Statistical Approach for Discovering Critical Malicious Patterns in Malware Families
نویسندگان
چکیده
In this paper, we present carefully selected critical malicious patterns, which are in common among malware variants in the same malware family, but not other malware families, using statistical information processing. The analysed critical malicious patterns can be an effective training dataset, towards classification of known and unknown malware variants. We present malware variants as a set of hashes, which represent the constituent basic blocks of the malware Control Flow Graph, and classify them into their corresponding malware family. By computing the Distribution Frequency for each basic block residing in all the malware families, the importance of being a possible representative to become a critical malicious pattern for a specific malware family is measured. This value is carefully computed by considering the population of each malware family. Keywords–Malware; Malicious Patterns; Malicious Shared Code; Classification; Control Flow Graph; Numerical Statistics.
منابع مشابه
DyVSoR: dynamic malware detection based on extracting patterns from value sets of registers
To control the exponential growth of malware files, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. Obfuscation and polymorphism employed by malwares make it difficult for signature-based systems to detect sophisticated malware files. The dynamic analysis or run-time behavior provides a better technique to identify the threat. In t...
متن کاملAn automated approach to analysis and classification of Crypto-ransomwares’ family
There is no doubt that malicious programs are one of the permanent threats to computer systems. Malicious programs distract the normal process of computer systems to apply their roguish purposes. Meanwhile, there is also a type of malware known as the ransomware that limits victims to access their computer system either by encrypting the victimchr('39')s files or by locking the system. Despite ...
متن کاملDiscovering Malware with Time Series Shapelets
Malicious software (‘malware’) detection systems are usually signature-based and cannot stop attacks by malicious files they have never encountered. To stop these attacks, we need statistical learning approaches to identify root patterns behind execution of malware. We propose a machine learning approach for detection of malware from portable executable (PE) files. We create an ‘entropy time se...
متن کاملContrasting Permission Patterns between Clean and Malicious Android Applications
The Android platform uses a permission system model to allow users and developers to regulate access to private information and system resources required by applications. Permissions have been proved to be useful for inferring behaviors and characteristics of an application. In this paper, a novel method to extract contrasting permission patterns for clean and malicious applications is proposed...
متن کاملMalware Analysis and Classification: A Survey
One of the major and serious threats on the Internet today is malicious software, often referred to as a malware. The malwares being designed by attackers are polymorphic and metamorphic which have the ability to change their code as they propagate. Moreover, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses which typically use signature bas...
متن کامل