DyVSoR: dynamic malware detection based on extracting patterns from value sets of registers
Authors
Abstract:
To control the exponential growth of malware files, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. The obfuscation and polymorphism employed by malware make it difficult for signature-based systems to detect sophisticated malware files. Dynamic analysis of run-time behavior provides a better technique for identifying the threat. In this paper, a dynamic approach is proposed for extracting features from binaries. The run-time behavior of the binary files was captured and recorded using a homemade tool that provides a controlled environment. The DyVSoR approach assumes that the run-time behavior of each binary can be represented by the values of the CPU registers. A method to compute the similarity between two binaries based on the value sets of the registers is presented. To this end, the register values are traced before and after each invoked API call in every binary and mapped to vectors. To detect an unknown file, it is enough to compare it with the dataset binaries by computing the distance between the register contents of this file and those of all dataset binaries. This method could detect malicious samples with 96.1% accuracy and a 4% false positive rate. The list of execution traces and the dataset are available at: http://home.shirazu.ac.ir/~sami/malware
Similar sources
Translation of Collocations from English into Persian, Based on Ghazala's Theory
Ghazala defines collocations as a combination of two or more words that consistently appear together in the various texts of a language. In his view, the growing interest in the translation of collocations within translation studies is due to their importance for the cohesion of linguistic structure. This thesis is devoted essentially to the translation of collocations. Its aim is to examine the application of Ghazala's strategies to the translation of collocations from English into Persian. Its other aim is to find the most...
Extracting Temporal Patterns from Interval-Based Sequences
Most of the sequential patterns extraction methods proposed so far deal with patterns composed of events linked by temporal relationships based on simple precedence between instants. In many real situations, some quantitative information about event duration or inter-event delay is necessary to discriminate phenomena. We propose the algorithm QTIPrefixSpan for extracting temporal patterns compo...
DroidCat: Unified Dynamic Detection of Android Malware
Various dynamic approaches have been developed to detect or categorize Android malware. These approaches execute software, collect call traces, and then detect abnormal system calls or sensitive API usage. Consequently, attackers can evade these approaches by intentionally obfuscating those calls under focus. Additionally, existing approaches treat detection and categorization of malware as sep...
Behaviour Based Malware Detection
This article looks at the future of antivirus technology in IT security, discussing some of the latest malware threats and counter developments. We specifically examine key developments in proactive malware detection based on real-time behavioural analysis, to combat 0-day threats.
Android Malware Detection Based on System Calls
With Android being the most widespread mobile platform, protecting it against malicious applications is essential. Android users typically install applications from large remote repositories, which provides ample opportunities for malicious newcomers. In this paper, we propose a simple yet highly effective technique for detecting malicious Android applications at the repository level. Our te...
Improving Malware Detection Accuracy by Extracting Icon Information
Detecting PE malware files is now commonly approached using statistical and machine learning models. While these models commonly use features extracted from the structure of PE files, we propose that icons from these files can also help better predict malware. We propose an innovative machine learning approach to extract information from icons. Our proposed approach consists of two steps: 1) ex...
Journal title
Volume 5, Issue 1
Pages 71-82
Publication date: 2013-01-01