Title :
A Behavior Feature Generation Method for Obfuscated Malware Detection
Author :
Wang, Rui ; Jia, Xiaoqi ; Nie, Chujiang
Author_Institution :
State Key Lab. of Inf. Security, Inst. of Inf. Eng., Beijing, China
Abstract :
Detection based on features is most popular way to prevent malware these days. Current feature abstracting and matching methods are susceptible to obfuscation techniques, and cannot deal with the variants which are emerging quickly. This paper proposes a malware feature extracting method based on its behaviors. This method can abstract the critical behaviors of malware and the dependencies between them through dynamic analysis, and generate the features to defeat malware obfuscations considering semantic irrelevancy and semantic equivalency to improve the describing capabilities of the malware features. This paper also designs a corresponding detecting method based on these features. The experiment results show that our method is more resilient to malware obfuscation techniques, especially for real world malware variants.
Keywords :
feature extraction; invasive software; program diagnostics; behavior feature generation method; dynamic analysis; feature abstracting; feature based detection; feature matching; malware critical behavior abstraction; malware feature extraction method; malware prevention; malware variants; obfuscated malware detection; obfuscation technique; semantic equivalency; semantic irrelevancy; Abstracts; Engines; Feature extraction; Libraries; Malware; Prototypes; Semantics; behavior dependency; dynamic taint analysis; feature exstracting; malware; semantic analysis;
Conference_Titel :
Computer Science & Service System (CSSS), 2012 International Conference on
Conference_Location :
Nanjing
Print_ISBN :
978-1-4673-0721-5
DOI :
10.1109/CSSS.2012.124
