• DocumentCode
    2716612
  • Title

    A Behavior Feature Generation Method for Obfuscated Malware Detection

  • Author

    Wang, Rui ; Jia, Xiaoqi ; Nie, Chujiang

  • Author_Institution
    State Key Lab. of Inf. Security, Inst. of Inf. Eng., Beijing, China
  • fYear
    2012
  • fDate
    11-13 Aug. 2012
  • Firstpage
    470
  • Lastpage
    474
  • Abstract
    Detection based on features is the most popular way to prevent malware these days. Current feature abstracting and matching methods are susceptible to obfuscation techniques and cannot deal with the variants that are emerging quickly. This paper proposes a malware feature extracting method based on its behaviors. This method can abstract the critical behaviors of malware and the dependencies between them through dynamic analysis, and generate features that defeat malware obfuscations by considering semantic irrelevancy and semantic equivalency, improving the describing capabilities of the malware features. This paper also designs a corresponding detecting method based on these features. The experimental results show that our method is more resilient to malware obfuscation techniques, especially for real-world malware variants.
  • Keywords
    feature extraction; invasive software; program diagnostics; behavior feature generation method; dynamic analysis; feature abstracting; feature based detection; feature matching; malware critical behavior abstraction; malware feature extraction method; malware prevention; malware variants; obfuscated malware detection; obfuscation technique; semantic equivalency; semantic irrelevancy; Abstracts; Engines; Feature extraction; Libraries; Malware; Prototypes; Semantics; behavior dependency; dynamic taint analysis; feature extracting; malware; semantic analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Science & Service System (CSSS), 2012 International Conference on
  • Conference_Location
    Nanjing
  • Print_ISBN
    978-1-4673-0721-5
  • Type

    conf

  • DOI
    10.1109/CSSS.2012.124
  • Filename
    6394362