Control flow-based opcode behavior analysis for Malware detection

Computers and Security

Volumn 44, Issue , 2014, Pages 65-74

  Ding, Yuxin ^a   Dai, Wei ^a   Yan, Shengli ^a   Zhang, Yumei ^b  

^a SHENZHEN UNIVERSITY   (China)

^b INSTITUTE OF GEOLOGY AND GEOPHYSICS   (China)

Author keywords

Classification; Control flow graph; Machine learning; Malicious code detection; Opcode sequence; Security

Indexed keywords

ARTIFICIAL INTELLIGENCE; CLASSIFICATION (OF INFORMATION); COMPUTER CRIME; DATA FLOW ANALYSIS; LEARNING SYSTEMS; NETWORK SECURITY;

BEHAVIOR CHARACTERISTIC; COMPARATIVE STUDIES; CONTROL FLOW GRAPHS; FALSE POSITIVE RATES; MALICIOUS CODE DETECTION; OP-CODE SEQUENCE; OVERALL ACCURACIES; SECURITY;

MALWARE;

EID: 84902256384     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2014.04.003     Document Type: Article

References (26)

1. S. Amari, and S. Wu Improving support vector machine classifiers by modifying kernel functions Neural Netw 12 1999 783 789 (Pubitemid 29359218)
2. Daniel Bilar Opcodes as predictor for malware Int J Electron Secur Digital Forensics 1 2 2007 156 168
3. B.R. Cha, B. Vaidya, and S. Han Anomaly intrusion detection for system call using the Soundex algorithm and Neural networks 10th IEEE symposium on Computer and communications, Cartagena, Murcia, Spain June 2005 427 433 (Pubitemid 41543309)
4. S.K. Dash, K.S. Reddy, and A.K. Pujari Episode based Masquerade detection Proceedings of 1st International Conference on information systems security, Kolkata, India December 2005 251 262 (Pubitemid 43775412)
5. Y. Ding, X. Yuan, D. Zhou, L. Dong, and Z. An Feature representation and selection in malicious code detection methods based on static system calls Comput Secur 30 2011 514 524
6. Y. Ding, X. Yuan, K. Tang, X. Xiao, and Y. Zhang A fast malware detection algorithm based on objective-oriented association mining Comput Secur 39 2013 315 324
7. S. Forrest, S.A. Hofmeyr, and T.A. Longstaf A sense of self for unix processes Proceedings of the 1996 IEEE symposium on computer Security and Privacy, Oakland, USA 1996 120 128
8. S. Garner Weka: the Waikato environment for knowledge analysis Proceedings of the 1995 New Zealand computer science research Students Conference, New Zealand 1995 57 64
9. Hex-Rays SA IDA pro Introduction 2009 [Available from] http://www.hex-rays.com/products.shtml/ [accessed 23.03.10]
10. S. Igor, B. Felix, U.P. Xabier, and G.B. Pablo Opcode sequences as representation of executables for data-mining-based unknown malware detection Information.Science 231 2013 64 82
11. J.Z. Kolter, and M.A. Maloof Learning to detect malicious executables in the wild Proceedings of the Tenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, New York; 2004 2004 470 478 (Pubitemid 40114957)
12. Christopher D. Manning, and Hinrich Schütze Foundations of statistical natural language processing 1999 MIT Press 0-262-13360-1
13. Tom M. Mitchell Machine learning 1997 McGraw-Hill 0070428077
14. R. Moskovitch, N. Nissim, and Y. Elovici Malicious code detection and acquisition using active learning IEEE International Conference on Intelligence and security information, New Brunsw USA May 2007 371 377
15. D. Mutz, F. Valeur, and G. Vigna Anomalous system call detection ACM Transaction Information Syst Secur 9 1 Feb. 2006 61 93
16. netlux.org. (2009). Malicious code samples available from: http://vx.netlux.org/ (accessed 23.03.10).
17. Offensive Computing. (2005). Malicious code samples available from: http://www.offensivecomputing.net/ (accessed 23.03.10).
18. Peid Peid v0.94 2007 [Available from] http://www.peid.info/ [accessed 23.03.10]
19. M. Robert, F. Clint, T. Nir, B. Eugene, G. Marina, and D. Shlomi et al. Unknown Malcode detection using opcode Representation[C] Proceedings of the 1st European Conference on Intelligence and Security Informatics(EuroISI) 2008 204 215
20. G. Salton, and C. Buckley Term-weighting approaches in automatic text retrieval Information Process Manag 24 5 1988 513 523
21. A. Shabtai, R. Moskovitch, Y. Elovici, and C. Glezer Detection of malicious code by applying machine learning classifiers on static features - a State-of-the-Art Survey Inf Secur Tech Rep 14 1 2009 16 29
22. S.M. Varghese, and K.P. Jacob Process Profiling using frequencies of System Calls The Second International Conference on Availability, Reliability and Security, Vienna Austria April 2007 473 479 (Pubitemid 47304251)
23. D.Y. Yeung, and Y. Ding Host-based intrusion detection using dynamic and static behavioral models Pattern Recognit 36 1 2003 229 243
24. C. Yin, S. Tian, and S. Mu High-order Markov kernels for intrusion detection Neurocomputing 71 2008 3247 3252
25. B.Y. Zhang, J.P. Yin, W.S. Tang, and J. Hao Unknown malicious codes Detection Based on Rough Set Theory and Support Vector Machine International Joint Conference on Neural Networks Sheraton Vancouver Wall Centre Hotel, Vancouver, BC, Canada July 2006 16 21
26. Z. Zhao, J. Wang, and J. Bai Malware detection method based on the control-flow construct feature of software Inf Secur IET 8 1 2014 18 24