Feature representation and selection in malicious code detection methods based on static system calls

Computers and Security

Volumn 30, Issue 6-7, 2011, Pages 514-524

  Yuxin, Ding ^a   Xuebing, Yuan ^a   Di, Zhou ^a   Li, Dong ^a   Zhanchao, An ^a  

^a HARBIN INSTITUTE OF TECHNOLOGY   (China)

Author keywords

Malicious code; N gram; Security; Static detection; System call

Indexed keywords

MALICIOUS CODES; N-GRAM; SECURITY; STATIC DETECTION; SYSTEM CALLS;

BINARY SEQUENCES; DECISION TREES; FEATURE EXTRACTION; INTRUSION DETECTION; VIRUSES;

COMPUTER VIRUSES;

EID: 80051781512     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2011.05.007     Document Type: Article

References (26)

1. Abou-Assaleh T, Cercone N, Keselj V. Detection of new malicious code using n-grams signatures. In: Proceedings of second annual conference on privacy, security and trust, Brunswick, Canada; Oct. 2004a. p. 193-198.
2. Abou-Assaleh T, Keselj V, Sweid R. N-gram-based detection of new malicious code. In: 28th annual international computer software and applications conference, Hong Kong; Sept. 2004b. p. 41-46.
3. Bergeron J, Debbabi M, Desharnais J, Erhioui MM, Lavoie Y, Tawbi N. Static detection of malicious code in executable programs. In: Symposium on requirements engineering for information security (SREIS'01), Indianapolis, Indiana, USA; March 2001. p. 157-166.
4. Cha BR, Vaidya B, Han S. Anomaly intrusion detection for system call using the Soundex algorithm and neural networks. In: 10th IEEE symposium on computer and communications, Cartagena, Murcia, Spain; June 2005. p. 427-433. (Pubitemid 41543309)
5. Dash SK, Reddy KS, Pujari AK. Episode based Masquerade detection. In: Proceedings of 1st International conference on information systems security, Kolkata, India; December 2005. p. 251-262. (Pubitemid 43775412)
6. R.G. Finones, and R. Fernandez Solving the metamorphic puzzle Virus Bulletin March 2006 14 19
7. Forrest S, Hofmeyr SA, Somayaji A, Longstaf TA. A sense of self for Unix processes. In: Proceedings of the 1996 IEEE symposium on computer security and privacy, Oakland, USA; May 1996. p. 120-128.
8. S.A. Hex-Rays IDA pro introduction 2009 Available from: http://www.hex-rays.com/products.shtml/ (accessed 23.03.10)
9. Gregoire Jacob, Herve Debar, Eric Filiol. Malware behavioral detection by attribute-automata using abstraction from platform and language. In: Proceedings of 12th International symposium on recent advances in intrusion detection (RAID 2009), Saint-Malo, France; September 2009. p. 81-100.
10. Kang DK, Fuller D, Honavar V. Learning classifiers for Misuse and anomaly detection using a Bag of system calls representation. In: Workshop on information assurance and security United States military academy, West Point, NY; June 2005. p. 511-516. (Pubitemid 41314466)
11. J.Z. Kolter, and M.A. Maloof Learning to detect and classify malicious executables in the wild Journal of Machine Learning Research 7 2006 2721 2744 (Pubitemid 46011490)
12. Moskovitch R, Nissim N, Elovici Y. Malicious code detection and acquisition using active learning. In: IEEE international conference on intelligence and security information, New Brunswick, USA; May 2007. p. 371-377.
13. D. Mutz, F. Valeur, and G. Vigna Anomalous system call detection ACM Transaction on Information and System Security 9 1 Feb. 2006 61 93
14. netlux.org Malicious code samples 2009 Available from: http://vx.netlux.org/ (accessed 23.03.10)
15. Offensive Computing Malicious code samples 2005 Available from: http://www.offensivecomputing.net/ (accessed 23.03.10)
16. Peid Peid v0.94 Available From: 2007 http://www.peid.info/ (accessed 23.3.10)
17. Philippe B. Advanced metamorphic techniques in computer viruses. In: International Conference on computer, electrical, and systems science, and engineering (CESSE), Bangkok Thailand; Dec. 2007. p. 201-214.
18. D.K.S. Reddy, and A.K. Pujari N-gram analysis for new computer virus detection Journal in Computer Virology 2 3 2006 231 239 (Pubitemid 44777788)
19. Schultz MG, Eskin E, Zadok E, Stolfo SJ. Data mining methods for detection of new malicious executables. In: Proceedings of the IEEE symposium on security and privacy, Oakland USA; May 2001. p. 38-49. (Pubitemid 32882625)
20. Sung AH, Xu J, Chavez P, Mukkamala S. Static analyzer of vicious executables. In: Proceedings of the 20th annual computer security applications conference (ACSAC), Tucson, USA; Dec. 2004. p. 326-334.
21. Varghese SM, Jacob KP. Process profiling using frequencies of system calls. In: The second international conference on availability, reliability and security, Vienna Austria; April 2007. p. 473-479. (Pubitemid 47304251)
22. Wang M, Zheng C, Yu JJ. Native API based windows anomaly intrusion detection method using SVM. In: Proceedings of the IEEE international conference on sensor networks, ubiquitous, and trustworthy computing, Taiwan; June 2006. p. 514-519.
23. Y.F. Ye, D.D. Wang, and T. Li An intelligent PE-Malware detection system based on association mining Journal in Computer Virology 4 4 2008 323 334
24. D.Y. Yeung, and Y. Ding Host-based intrusion detection using dynamic and static behavioral models Pattern Recognition 36 1 2003 229 243
25. C. Yin, S. Tian, and S. Mu High-order Markov kernels for intrusion detection Neurocomputing 71 2008 3247 3252
26. Zhang BY, Yin JP, Tang WS, Hao JB, Zhang DX. Unknown malicious code detection based on rough set theory and support vector machine. In: 2006 international joint conference on neural networks, Vancouver, Canada; July 2006. p. 16-21.