Title :
A Novel Approach to Malicious Executables Detection and Containment Based on Distributed System Architecture
Author :
Liu, Zhi ; Zhang, Xiaosong
Author_Institution :
Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China (UESTC), Chengdu
Abstract :
Malicious executables have become a major threat to the integrity of hosts and the privacy of users; however, traditional manual analysis and containment does not scale to the growing number of unknown malware samples and variants. This paper proposes a novel approach that combines behavioral and content-based fingerprints and scales to unknown malicious executables in an automated fashion. Our approach first extracts behavioral features and uses data mining techniques to train classifiers that distinguish malicious from benign executables; host-level agents are then introduced to block the execution of malware instances by their content-based fingerprints. To increase accuracy, an algorithm is proposed that applies a classifier to raw audit data and also observes the execution of malware in virtualized environments. Moreover, a distributed system architecture is used to optimize efficiency and real-time containment. Experimental results show good performance with high accuracy and low overhead.
Keywords :
data mining; fingerprint identification; invasive software; pattern classification; software architecture; user interfaces; virtual reality; classifiers; content-based fingerprints; data mining; distributed system architecture; malicious executables containment; malicious executables detection; malware; user privacy; virtualized environments; Computer architecture; Computer science; Data mining; Distributed computing; Feature extraction; Fingerprint recognition; Intrusion detection; Manuals; Operating systems; Privacy;
Conference_Titel :
Fourth International Conference on Natural Computation (ICNC '08), 2008
Conference_Location :
Jinan
Print_ISBN :
978-0-7695-3304-9
DOI :
10.1109/ICNC.2008.648