Malware detection with quantitative data flow graphs

ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security

Volumn , Issue , 2014, Pages 271-282

  Wüchner, Tobias ^a   Ochoa, Martín ^a   Pretschner, Alexander ^a  

^a TECHNICAL UNIVERSITY OF MUNICH   (Germany)

Author keywords

Behavioral malware analysis; Data flow tracking; Intrusion detection; Malware detection; Quantitative data flows

Indexed keywords

COMPUTER CRIME; DATA FLOW GRAPHS; DATA TRANSFER; FLOW GRAPHS; GRAPHIC METHODS; INTRUSION DETECTION; MALWARE; WINDOWS OPERATING SYSTEM;

DATA FLOW TRACKING; FALSE POSITIVE RATES; INCREMENTAL CONSTRUCTION; MALWARE ANALYSIS; MALWARE DETECTION; MALWARE FAMILIES; QUANTITATIVE DATA; SYSTEM REGISTRIES;

DATA FLOW ANALYSIS;

EID: 84984905603     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2590296.2590319     Document Type: Conference Paper

References (33)

1. S. Axelsson. The base-rate fallacy and the difficulty of intrusion detection. ACM Transactions on Information and System Security (TISSEC), 3(3):186-205, 2000.
2. U. Bayer. Large-Scale Dynamic Malware Analysis. PhD thesis, Technische Universität Wien, 2009.
3. J.-M. Borello and L. Me. Code obfuscation techniques for metamorphic viruses. Journal in Computer Virology, pages 211-220, 2008.
4. M. Christodorescu, S. Jha, and C. Kruegel. Mining specifications of malicious behavior. In Proceedings of the 1st India Software Engineering Conference, pages 5-14, 2008.
5. M. Christodorescu, S. Jha, S. Seshia, D. Song, and R. Bryant. Semantics-Aware Malware Detection. 2005 IEEE Symposium on Security and Privacy (S&P'05), pages 32-46, 2005.
6. G. Creech and J. Hu. A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns. Computers, IEEE Transactions on, pages 1-1, 2013.
7. M. Egele, T. Scholte, E. Kirda, and C. Kruegel. A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys (CSUR), page 6, 2012.
8. K. O. Elish, D. Yao, and B. G. Ryder. User-centric dependence analysis for identifying malicious mobile apps. In Workshop on Mobile Security Technologies, 2012.
9. S. Forrest, S. Hofmeyr, a. Somayaji, and T. Longstaff. A sense of self for Unix processes. Proceedings of Symposium on Security and Privacy, pages 120-128, 1996.
10. M. Fredrikson, M. Christodorescu, J. Giffin, and S. Jhas. A declarative framework for intrusion analysis. In Cyber Situational Awareness, pages 179-200. 2010.
11. M. Fredrikson, M. Christodorescu, and S. Jha. Dynamic behavior matching: A complexity analysis and new approximation algorithms. Automated Deduction-CADE-23, pages 252-267, 2011.
12. M. Fredrikson, S. Jha, M. Christodorescu, R. Sailer, and X. Yan. Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors. 2010 IEEE Symposium on Security and Privacy, pages 45-60, 2010.
13. A. K. Ghosh, A. Schwartzbard, and M. Schatz. Learning program behavior profiles for intrusion detection. In Proceedings of the 1st Conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1, pages 6-6, 1999.
14. S. T. King and P. M. Chen. Backtracking intrusions. In ACM SIGOPS Operating Systems Review, pages 223-236, 2003.
15. E. Kirda, C. Kruegel, G. Banks, G. Vigna, and R. A. Kemmerer. Behavior-based spyware detection. In Proceedings of the 15th Conference on USENIX Security Symposium, 2006.
16. C. Kolbitsch and P. Comparetti. Effective and Efficient Malware Detection at the End Host. USENIX, 2009.
17. A. Lanzi, D. Balzarotti, C. Kruegel, M. Christodorescu, and E. Kirda. Accessminer: Using system-centric models for malware protection. In Proceedings of the 17th ACM Conference on Computer and Communications Security, pages 399-412, 2010.
18. J. Lee, K. Jeong, and H. Lee. Detecting metamorphic malwares using code graphs. Proceedings of the 2010 ACM Symposium on Applied Computing, 2010.
19. W. Lee, S. J. Stolfo, and P. K. Chan. Learning patterns from unix process execution traces for intrusion detection. In AAAI Workshop on AI Approaches to Fraud Detection and Risk Management, pages 50-56, 1997.
20. P. O'Kane, S. Sezer, and K. McLaughlin. Obfuscation: The hidden malware. Security Privacy, IEEE, 2011.
21. Y. Park and D. Reeves. Deriving common malware behavior through graph clustering. Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, 2011.
22. Y. Park, D. S. Reeves, and M. Stamp. Deriving common malware behavior through graph clustering. Computers & Security, 2013.
23. M. Preda, M. Christodorescu, S. Jha, and S. Debray. A semantics-based approach to malware detection. ACM SIGPLAN Notices, pages 1-12, 2007.
24. T. Raffetseder, C. Krügel, and E. Kirda. Detecting system emulators. In Information Security, pages 1-18. 2007.
25. K. Rieck, P. Trinius, C. Willems, and T. Holz. Automatic analysis of malware behavior using machine learning. Journal of Computer Security, pages 639-668, 2011.
26. C. Rossow, C. Dietrich, and H. Bos. Large-scale analysis of malware downloaders. In Detection of Intrusions and Malware, and Vulnerability Assessment, pages 42-61. 2013.
27. M. I. Sharif, A. Lanzi, J. T. Giffin, and W. Lee. Impeding malware analysis using conditional code obfuscation. In NDSS, 2008.
28. Symantec. Malware database, Nov. 2013.
29. P. Szor. The Art of Computer Virus Research and Defense. 2005.
30. C. Wressnegger, G. Schwenk, D. Arp, and K. Rieck. A close look on n-grams in intrusion detection: anomaly detection vs. classification. In Proceedings of the 2013 ACM workshop on Artificial intelligence and security, pages 67-76, 2013.
31. T. Wüchner and A. Pretschner. Data loss prevention based on data-driven usage control. In Software Reliability Engineering (ISSRE), 2012 IEEE 23rd International Symposium on, pages 151-160, Nov 2012.
32. H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. Panorama: Capturing system-wide information flow for malware detection and analysis. In Proceedings of the 14th ACM Conference on Computer and Communications Security, pages 116-127, 2007.
33. I. You and K. Yim. Malware obfuscation techniques: A brief survey. In Broadband, Wireless Computing, Communication and Applications (BWCCA), 2010 International Conference on, pages 297-300, 2010.