A graph mining approach for detecting unknown malwares

Journal of Visual Languages and Computing

Volumn 23, Issue 3, 2012, Pages 154-162

  Eskandari, Mojtaba ^a   Hashemi, Sattar ^a  

^a SHIRAZ UNIVERSITY   (Iran)

Author keywords

API; CFG; Detection; Malware; PE file; Unknown malwares

Indexed keywords

EID: 84859034694     PISSN: 1045926X     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jvlc.2012.02.002     Document Type: Article

References (39)

1. Abadi M., Budiu M., Erlingsson U., Ligatti J. Control-flow integrity principles, implementations, and applications. ACM Transactions on Information and System Security (TISSEC) 2009, 13(1):4.
2. W. Ai, P. Langley, Induction of one-level decision trees, in: Proceedings of the Ninth International Conference on Machine Learning, Citeseer, 1992.
3. W. Arnold, G. Sorkin, Automated Analysis of Computer Viruses, 1996.
4. J. Bergeron, M. Debbabi, M. Erhioui, B. Ktari, Static analysis of binary code to isolate malicious behaviors, in: IEEE Eighth International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. (WET ICE'99) Proceedings, IEEE, 1999, pp. 184-189.
5. Bonfante G., Kaczmarek M., Marion J. Architecture of a morphological malware detector. Journal in Computer Virology 2009, 5(3):263-270.
6. G. Bonfante, M. Kaczmarek, J. Marion, et al., Control Flow to Detect Malware, 2007.
7. Breiman L. Random forests. Machine Learning 2001, 45(1):5-32.
8. Bruschi D., Martignoni L., Monga M. Detecting self-mutating malware using control-flow graph matching. Detection of Intrusions and Malware & Vulnerability Assessment 2006, 129-143.
9. S. Cesare, Y. Xiang, A fast flowgraph based classification system for packed and polymorphic malware on the endhost, in: 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), IEEE, 2010, pp. 721-728.
10. F. Chen, Y. Fu, Dynamic detection of unknown malicious executables base on api interception, in: First International Workshop on Database Technology and Applications, IEEE, 2009, pp. 329-332.
11. J. Cleary, L. Trigg, K*: an instance-based learner using an entropic distance measure, in: International Workshop then Conference on Machine Learning, Morgan Kaufmann Publishers, Inc., 1995, pp. 108-114.
12. Dai J., Guha R., Lee J. Efficient virus detection using dynamic instruction sequences. Journal of Computers 2009, 4(5):405-414.
13. Dietterich T. An experimental comparison of three methods for constructing ensembles of decision trees: bagging, boosting, and randomization. Machine Learning 2000, 40(2):139-157.
14. Dodd L., Pepe M. Partial auc estimation and regression. Biometrics 2003, 59(3):614-623.
15. Dullien T., Rolles R. Graph-based comparison of executable objects (English version). Symposium sur la sécurité des technologies de l'information et des communications 2005, 5:1-3.
16. Gao D., Reiter M., Song D. Binhunt: automatically finding semantic differences in binary programs. Information and Communications Security 2008, 238-255.
17. Harley D. Making Sense of Anti-malware Comparative Testing. Information Security Technical Report 2009, 14(1):7-15.
18. Hofmeyr S., Forrest S., Somayaji A. Intrusion detection using sequences of system calls. Journal of Computer Security 1998, 6(3):151-180.
19. K. Jeong, H. Lee, Code graph for malware detection, in: International Conference on Information Networking. ICOIN 2008, IEEE, 2008, pp. 1-5.
20. J. Kephart, W. Arnold, Automatic extraction of computer virus signatures, in: Fourth Virus Bulletin International Conference, 1994, pp. 178-184.
21. D. Kienzle, M. Elder, Recent worms: a survey and trends, in: Proceedings of the 2003 ACM workshop on Rapid Malcode, ACM, 2003, pp. 1-10.
22. Lewis D. Naive (Bayes) at forty: the independence assumption in information retrieval. Machine Learning: ECML 1998, 98:4-15.
23. A. Moser, C. Kruegel, E. Kirda, Limits of static analysis for malware detection, in: Twenty-Third Annual Computer Security Applications Conference, ACSAC 2007, IEEE, 2007, pp. 421-430.
24. G. Necula, Proof-carrying code, in: Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, ACM, 1997, pp. 106-119.
25. Paxson V. Bro: a system for detecting network intruders in real-time. Computer Networks 1999, 31(23-24):2435-2463.
26. Picard R., Cook R. Cross-validation of regression models. Journal of the American Statistical Association 1984, 575-583.
27. J. Platt, Fast Training of Support Vector Machines Using Sequential Minimal Optimization, 1998.
28. Reddy D., Dash S., Pujari A. New malicious code detection using variable length n-grams. Information Systems Security 2006, 276-288.
29. Reddy D., Pujari A. n-Gram analysis for computer virus detection. Journal in Computer Virology 2006, 2(3):231-239.
30. V. Sathyanarayan, P. Kohli, B. Bruhadeshwar, Signature generation and detection of malware families, in: Information Security and Privacy, Springer, 2008, pp. 336-349.
31. Shabtai A., Moskovitch R., Elovici Y., Glezer C. Detection of malicious code by applying machine learning classifiers on static features: a state-of-the-art survey. Information Security Technical Report 2009, 14(1):16-29.
32. Stolfo S., Wang K., Li W. Towards stealthy malware detection. Malware Detection 2007, 231-249.
33. P. Ször, P. Ferrie, Hunting for metamorphic, in: Virus Bulletin Conference, 2001.
34. Tesauro G., Kephart J., Sorkin G. Neural networks for computer virus recognition. IEEE Expert 1996, 11(4):5-6.
35. P.-E. Tool, 2011. 〈〉. http://www.pe-explorer.com/peexplorer-tour-disassembler.htm.
36. T. Tran, K. Alsubhi, A Comprehensive Survey on Malware and Malware Detection Techniques, CS 854-Hot Topics in Computer and Communications Security Project Report, 2006.
37. P. Vinod, V. Laxmi, M. Gaur, G. Kumar, Y. Chundawat, Static cfg analyzer for metamorphic malware code, in: Proceedings of the Second International Conference on Security of Information and Networks, ACM, 2009, pp. 225-228.
38. J. Xu, A. Sung, P. Chavez, S. Mukkamala, Polymorphic malicious executable scanner by api sequence analysis, in: Fourth International Conference on Hybrid Intelligent Systems. HIS'04, IEEE, 2004, pp. 378-383.
39. Ye Y., Wang D., Li T., Ye D., Jiang Q. An intelligent pe-malware detection system based on association mining. Journal in Computer Virology 2008, 4(4):323-334.