Improving Malware Detection Response Time with Behavior-Based Statistical Analysis Techniques

Dumitru-Bogdan Prelipcean, Adrian-Stefan Popescu, Dragos Gavrilut
Published in: 2015 17th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC), pp. 232-239, 21 September 2015
DOI: 10.1109/SYNASC.2015.44 (https://doi.org/10.1109/SYNASC.2015.44)
Citations: 11

Abstract

Detection of malicious software is a current problem that can be addressed via several approaches, among them signature-based detection, heuristic detection and behavioral analysis. In the last year the number of malicious files has increased exponentially. At the same time, automated obfuscation methods (used to generate malicious files with similar behavior but a different appearance) have grown significantly. In response to these new obfuscation methods, many security vendors have introduced file reputation techniques to quickly identify potentially clean and malicious samples. In this paper we present a statistics-based method that can be used to identify a specific dynamic behavior of a program. The main idea behind this solution is to analyze the execution flow of every file and to extract sequences of native system functions with a potentially malign outcome. This technique is robust against most forms of malware polymorphism and is intended to work as a filtering stage in front of different automated detection systems. We use a database consisting of approximately 50,000 malicious files gathered over the last three months and almost 3,000,000 clean files collected over a period of 3 years. Our technique proved to be an effective filtering method and helped us improve our detection response time against the most prevalent malware families discovered in the last year.
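The abstract describes the approach only at a high level: record the native system functions a sample calls, extract call sequences, and use a statistic over the malicious and clean corpora to decide whether a sample deserves a closer look. The following is an added illustration of that idea, not the authors' code; the paper does not give its scoring statistic, so the Laplace-smoothed log-odds used here, the choice of 3-grams, the threshold of 1.0 and the Nt* traces (constructed inline to stand in for sandbox traces) are all assumptions made for the example.

```python
"""Behavior-based filter over native API call sequences.

Added example, not code from the paper.  Each sample is represented as
the ordered list of native system functions it called under
instrumentation.  Sequences are scored by how much more often they
occur in malicious than in clean traces; a sample whose best sequence
clears a threshold is passed on to the heavier detection systems.
"""
from collections import Counter
import math

# Constructed traces (not real sandbox data): classic remote-thread
# injection for the malicious set, ordinary file/registry I/O for clean.
MALICIOUS_TRACES = [
    ["NtOpenProcess", "NtAllocateVirtualMemory", "NtWriteVirtualMemory",
     "NtCreateThreadEx", "NtClose"],
    ["NtOpenProcess", "NtAllocateVirtualMemory", "NtWriteVirtualMemory",
     "NtCreateThreadEx", "NtDelayExecution"],
    ["NtCreateFile", "NtOpenProcess", "NtAllocateVirtualMemory",
     "NtWriteVirtualMemory", "NtCreateThreadEx"],
]
CLEAN_TRACES = [
    ["NtCreateFile", "NtReadFile", "NtClose"],
    ["NtCreateFile", "NtWriteFile", "NtClose"],
    ["NtOpenKey", "NtQueryValueKey", "NtClose"],
    ["NtCreateFile", "NtReadFile", "NtAllocateVirtualMemory", "NtClose"],
]


def ngrams(trace, n):
    """Overlapping length-n windows of a call trace; empty if too short."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def document_frequency(traces, n):
    """Number of traces in which each n-gram appears at least once."""
    df = Counter()
    for t in traces:
        df.update(set(ngrams(t, n)))
    return df


class SequenceFilter:
    def __init__(self, malicious, clean, n=3, alpha=1.0, threshold=1.0):
        self.n, self.alpha, self.threshold = n, alpha, threshold
        self.df_mal = document_frequency(malicious, n)
        self.df_clean = document_frequency(clean, n)
        self.n_mal, self.n_clean = len(malicious), len(clean)

    def weight(self, gram):
        """Smoothed log-odds of a sequence being malicious (assumed statistic).

        Positive: seen more in malware; negative: seen more in clean files;
        0.0: never seen in either corpus, so no evidence either way.
        """
        if gram not in self.df_mal and gram not in self.df_clean:
            return 0.0
        p_mal = (self.df_mal[gram] + self.alpha) / (self.n_mal + 2 * self.alpha)
        p_clean = (self.df_clean[gram] + self.alpha) / (self.n_clean + 2 * self.alpha)
        return math.log(p_mal / p_clean)

    def suspicious_sequences(self, trace):
        """The call sequences in this trace that look malign, sorted."""
        return sorted(g for g in set(ngrams(trace, self.n))
                      if self.weight(g) >= self.threshold)

    def score(self, trace):
        """Best single-sequence weight; 0.0 for a trace shorter than n."""
        grams = set(ngrams(trace, self.n))
        return max((self.weight(g) for g in grams), default=0.0)

    def is_suspicious(self, trace):
        """Filter decision: should this sample go to the full pipeline?"""
        return self.score(trace) >= self.threshold


FILTER = SequenceFilter(MALICIOUS_TRACES, CLEAN_TRACES)

if __name__ == "__main__":
    # A repacked variant of the injector produces the same trace, so the
    # filter still fires even though its bytes on disk differ.
    for trace in (["NtOpenProcess", "NtAllocateVirtualMemory",
                   "NtWriteVirtualMemory", "NtCreateThreadEx"],
                  ["NtCreateFile", "NtReadFile", "NtClose"]):
        print(round(FILTER.score(trace), 3), FILTER.is_suspicious(trace),
              FILTER.suspicious_sequences(trace))
```

Because the statistic is computed on the trace rather than on the file image, a packed or re-obfuscated variant that still performs the same injection sequence scores identically, which is the polymorphism-resistance property the abstract claims. Sequences unseen in both corpora are deliberately given zero weight so that a small corpus does not flag every unfamiliar call pattern.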