Helen-Maria Dounavi, Anna Mpanti, Stavros D. Nikolopoulos, Iosif Polenakis
{"title":"Detection and Classification of Malicious Software based on Regional Matching of Temporal Graphs","authors":"Helen-Maria Dounavi, Anna Mpanti, Stavros D. Nikolopoulos, Iosif Polenakis","doi":"10.1145/3472410.3472417","DOIUrl":null,"url":null,"abstract":"In this paper we present an integrated graph-based framework that utilizes relations between groups of System-calls, in order to detect whether an unknown software sample is malicious or benign, and to a further extent to classify it to a known malware family. A novel graph-based approach for the representation of software samples over the depiction of the structural evolution over time, the so-called Temporal Graphs, is discussed, and a method for measuring graph similarity among specific Regions of such graphs is proposed, the so-called Regional Matching. The partitioning of the Temporal Graphs that depicts their structural evolution over time is defined by specific time-slots, while the quantitative characteristics that depict the commonalities appeared over the weights of the vertices are measured by a similarity metric in order to conduct the malware detection and classification procedures. Finally, we evaluate the detection and classification ability of our proposed graph-based framework performing an experimental study over the achieved results utilizing a set of known malicious samples that are indexed into malware families.","PeriodicalId":115575,"journal":{"name":"Proceedings of the 22nd International Conference on Computer Systems and Technologies","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 22nd International Conference on Computer Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3472410.3472417","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
In this paper we present an integrated graph-based framework that utilizes relations between groups of System-calls, in order to detect whether an unknown software sample is malicious or benign, and to a further extent to classify it to a known malware family. A novel graph-based approach for the representation of software samples over the depiction of the structural evolution over time, the so-called Temporal Graphs, is discussed, and a method for measuring graph similarity among specific Regions of such graphs is proposed, the so-called Regional Matching. The partitioning of the Temporal Graphs that depicts their structural evolution over time is defined by specific time-slots, while the quantitative characteristics that depict the commonalities appeared over the weights of the vertices are measured by a similarity metric in order to conduct the malware detection and classification procedures. Finally, we evaluate the detection and classification ability of our proposed graph-based framework performing an experimental study over the achieved results utilizing a set of known malicious samples that are indexed into malware families.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
