Improving malware classification: Bridging the static/dynamic gap

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2012, Pages 3-14

  Anderson, Blake ^a   Storlie, Curtis ^a   Lane, Terran ^b  

^a LOS ALAMOS NATIONAL LABORATORY   (United States)

^b UNIVERSITY OF NEW MEXICO   (United States)

Author keywords

Computer Security; Machine Learning; Malware; Multiple Kernel Learning

Indexed keywords

CLASSIFICATION ACCURACY; CLASSIFICATION FRAMEWORK; CLASSIFICATION SYSTEM; DATA-SOURCES; DYNAMIC DETECTION; DYNAMIC FEATURES; MALWARES; MULTIPLE KERNEL LEARNING; RESEARCH COMMUNITIES; SIMILARITY METRICS; STATIC AND DYNAMIC; UNIFIED FRAMEWORK;

ARTIFICIAL INTELLIGENCE; COMPUTER VIRUSES; LEARNING SYSTEMS; SECURITY OF DATA; SUPPORT VECTOR MACHINES;

LEARNING ALGORITHMS;

EID: 84869822279     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2381896.2381900     Document Type: Conference Paper

References (51)

1. Offensive Computing. http://www.offensivecomputing.net/, Accessed June 2011.
2. Virus Total. http://www.virustotal.com/, Accessed October 2011.
3. Portable Executable iDentifier. http://peid.info/, Accessed 6 October 2011.
4. Blake Anderson, Daniel Quist, Joshua Neil, Curtis Storlie, and Terran Lane. Graph-Based Malware Detection using Dynamic Analysis. Journal in Computer Virology, 7:247-258, 2011.
5. Anubis. http://anubis.iseclab.org/, 2009.
6. Francis R. Bach, Gert R. G. Lanckriet, and Michael I. Jordan. Multiple Kernel Learning, Conic Duality, and the SMO Algorithm. In Proceedings of the Twenty-First International Conference on Machine Learning. ACM, 2004.
7. Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xen and the Art of Virtualization. In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pages 164-177. ACM, 2003.
8. Ulrich Bayer, Paolo Milani Comparetti, Clemens Hlauschek, Christopher Kruegel, and Engin Kirda. Scalable, Behavior-Based Malware Clustering. In ISOC Network and Distributed System Security Symposium. 2009.
9. Ulrich Bayer, Andreas Moser, Christopher Kruegel, and Engin Kirda. Dynamic Analysis of Malicious Code. Journal in Computer Virology, 2:67-77, 2006.
10. Daniel Bilar. Opcodes as Predictor for Malware. International Journal of Electronic Security and Digital Forensics, 1:156-168, January 2007.
11. Christopher M. Bishop. Pattern Recognition and Machine Learning (Information Science and Statistics). Springer-Verlag New York, Inc., Secaucus, NJ, USA, 2006.
12. Christopher J. C. Burges. A Tutorial on Support Vector Machines for Pattern Recognition. Data Mining and Knowledge Discovery, 2:121-167, 1998.
13. Mihai Christodorescu and Somesh Jha. Static Analysis of Executables to Detect Malicious Patterns. In Proceedings of the 12th USENIX Security Symposium, pages 169-186, 2003.
14. Jianyong Dai, Ratan Guha, and Joohan Lee. Efficient Virus Detection Using Dynamic Instruction Sequences. Journal of Computers, 4(5), 2009.
15. Artem Dinaburg, Paul Royal, Monirul Sharif, and Wenke Lee. Ether: Malware Analysis Via Hardware Virtualization Extensions. In Proceedings of the 15th ACM Conference on Computer and Communications Security, pages 51-62, 2008.
16. J. A. Hartigan and M. A. Wong. Algorithm AS 136: A K-Means Clustering Algorithm. Journal of the Royal Statistical Society. Series C (Applied Statistics), 28(1):100-108, 1979.
17. R. Hettich and K. O. Kortanek. Semi-Infinite Programming: Theory, Methods, and Applications. SIAM Review, 35:380-429, September 1993.
18. Steven A. Hofmeyr, Stephanie Forrest, and Anil Somayaji. Intrusion Detection Using Sequences of System Calls. Journal of Computer Security, 6(3):151-180, January 1998.
19. Md. Karim, Andrew Walenstein, Arun Lakhotia, and Laxmi Parida. Malware Phylogeny Generation Using Permutations of Code. Journal in Computer Virology, 1:13-23, 2005.
20. H. Kashima, K. Tsuda, and A. Inokuchi. Kernels for Graphs. MIT Press, 2004.
21. J. Zico Kolter and Marcus A. Maloof. Learning to Detect and Classify Malicious Executables in the Wild. The Journal of Machine Learning Research, 7:2721-2744, December 2006.
22. Christopher Kruegel, Engin Kirda, Darren Mutz, William Robertson, and Giovanni Vigna. Polymorphic Worm Detection Using Structural Information of Executables. In Recent Advances in Intrusion Detection, pages 207-226. Springer Berlin / Heidelberg, 2006.
23. G. Jacob L. Nataraj, S. Karthikeyan and B. Manjunath. Malware Images: Visualization and Automatic Classiïň , Acation. In Proceedings of VizSec, 2011.
24. Corrado Leita, Ulrich Bayer, and Engin Kirda. Exploiting Diverse Observation Perspectives to get Insights on the Malware Landscape. In 2010 IEEE/IFIP International Conference on Dependable Systems and Networks, pages 393-402, 2010.
25. Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff Lowney, Steven Wallace, Vijay Janapa Reddi, and Kim Hazelwood. Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation. ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 190-200, June 2005.
26. Ulrike Luxburg. A Tutorial on Spectral Clustering. Statistics and Computing, 17(4):395-416, 2007.
27. Robert Lyda and James Hamrock. Using Entropy Analysis to Find Encrypted and Packed Malware. IEEE Security & Privacy, 5(2):40-45, 2007.
28. Eitan Menahem, Asaf Shabtai, Lior Rokach, and Yuval Elovici. Improving Malware Detection by Applying Multi-Inducer Ensemble. Computational Statistics and Data Analysis, 53(4):1483-1494, 2009.
29. Andreas Moser, Christopher Kruegel, and Engin Kirda. Limits of Static Analysis for Malware Detection. Computer Security Applications Conference, Annual, 0:421-430, 2007.
30. Jon Oberheide, Evan Cooke, and Farnam Jahanian. CloudAV: N-version Antivirus in the Network Cloud. In Proceedings of the 17th Conference on Security Symposium, pages 91-106, 2008.
31. Jon Oberheide, Kaushik Veeraraghavan, Evan Cooke, Jason Flinn, and Farnam Jahanian. Virtualized In-Cloud Security Services for Mobile Devices. In Proceedings of the First Workshop on Virtualization in Mobile Computing, MobiVirt, pages 31-35. ACM, 2008.
32. Roberto Perdisci, David Dagon, Prahlad Fogla, and Monirul Sharif. Misleading Worm Signature Generators Using Deliberate Noise Injection. In In Proceedings of the 2006 IEEE Symposium on Security and Privacy, pages 17-31, 2006.
33. IDA Pro. http://www.hex-rays.com/products/ida/index.shtml, 2012.
34. Daniel Quist, Lorie Liebrock, and Joshua Neil. Improving Antivirus Accuracy with Hypervisor Assisted Analysis. Journal in Computer Virology, pages 1-11, 2010.
35. Konrad Rieck, Thorsten Holz, Carsten Willems, Patrick D'Aijssel, and Pavel Laskov. Learning and Classification of Malware Behavior. In Detection of Intrusions and Malware, and Vulnerability Assessment, volume 5137 of Lecture Notes in Computer Science, pages 108-125. Springer Berlin / Heidelberg, 2008.
36. Paul Royal, Mitch Halpin, David Dagon, Robert Edmonds, and Wenke Lee. PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware. In 22nd Annual Computer Security Applications Conference (ACSAC), pages 289-300, 2006.
37. Bernhard Schölkopf and Alexander Johannes Smola. Learning with Kernels. MIT Press, 2002.
38. R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni. A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. In IEEE Symposium on Security and Privacy, pages 144-155, 2001.
39. M. Shafiq, Syed Khayam, and Muddassar Farooq. Embedded Malware Detection Using Markov n-Grams. In Detection of Intrusions and Malware, and Vulnerability Assessment, volume 5137 of Lecture Notes in Computer Science, pages 88-107. Springer Berlin / Heidelberg, 2008.
40. Madhu Shankarapani, Subbu Ramamoorthy, Ram Movva, and Srinivas Mukkamala. Malware Detection Using Assembly and API Call Sequences. Journal in Computer Virology, 7(2):1-13, 2010.
41. Nino Shervashidze, S. V. N. Vishwanathan, Tobias H. Petri, Kurt Mehlhorn, and Karsten M. Borgwardt. Efficient Graphlet Kernels for Large Graph Comparison. In Proceedings of the Twelfth International Conference on Artificial Intelligence and Statistics (AISTATS), volume 5, pages 488-495. CSAIL, 2009.
42. Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, and Prateek Saxena. BitBlaze: A New Approach to Computer Security via Binary Analysis. In Information Systems Security, volume 5352 of Lecture Notes in Computer Science, pages 1-25. Springer Berlin / Heidelberg, 2008.
43. Sören Sonnenburg, Gunnar Raetsch, and Christin Schaefer. A General and Efficient Multiple Kernel Learning Algorithm. Nineteenth Annual Conference on Neural Information Processing Systems, 2005.
44. Sören Sonnenburg, Gunnar Rätsch, Sebastian Henschel, Christian Widmer, Jonas Behr, Alexander Zien, Fabio de Bona, Alexander Binder, Christian Gehl, and Vojtěch Franc. The SHOGUN Machine Learning Toolbox. The Journal of Machine Learning Research, 99:1799-1802, August 2010.
45. Salvatore Stolfo, Ke Wang, and Wei-Jen Li. Towards Stealthy Malware Detection. In Malware Detection, volume 27 of Advances in Information Security, pages 231-249. Springer US, 2007.
46. Salvatore J. Stolfo, Ke Wang, and Wei-Jen Li. Fileprint Analysis for Malware Detection. In ACM Workshop on Recurring/Rapid Malcode, 2005.
47. Symantec. Internet Security Threat Report, Volume 16. White Paper, April 2011.
48. The Silicon Realms Toolworks. Armadillo Software Protection System. http://www.siliconrealms.com/, Accessed 6 October 2011.
49. UPX: The Ultimate Packer for eXecutables. http://upx.sourceforge.net/, Accessed 6 October 2011.
50. Yanfang Ye, Tao Li, Shenghuo Zhu, Weiwei Zhuang, Egmen Tas, Umesh Gupta, and Melih Abdulhayoglu. Combining File Content and File Relations for Cloud Based Malware Detection. In Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 2011.
51. Heng Yin, Dawn Song, Manuel Egele, Christopher Kruegel, and Engin Kirda. Panorama: Capturing System-Wide Information Flow for Malware Detection and Analysis. In Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pages 116-127. ACM, 2007.