Huabiao Lu, Xiaofeng Wang, Baokang Zhao, Fei Wang, Jinshu Su
{"title":"ENDMal: An anti-obfuscation and collaborative malware detection system using syscall sequences","authors":"Huabiao Lu, Xiaofeng Wang, Baokang Zhao, Fei Wang, Jinshu Su","doi":"10.1016/j.mcm.2013.03.008","DOIUrl":null,"url":null,"abstract":"<div><p>Malware obfuscation obscures malware into different versions, making traditional syntactic nature based detection ineffective. Furthermore, with the huge and exponentially growing number of malware samples, existing malware detection systems are either evaded by malware obfuscation, or overwhelmed by numerous malware samples. This paper proposes an anti-obfuscation, scalable and collaborative malware detection system—ENDMal. ENDMal identifies the program that behaves suspiciously in end-hosts and similarly between a group of suspicious programs in a wide area as malicious. We present the Iterative Sequence Alignment (ISA) method to defeat malware obfuscation. Instead of using complex behavior graph, we propose the Handle dependences and Probabilistic Ordering Dependence (HPOD) technology to represent the program behaviors. In addition, we design a novel information sharing infrastructure, RENShare, to collaboratively congregate the group characteristics of programs spreading over different network areas. Our experimental results show that ENDMal can detect unknown malwares much faster than the centralized detection system and is more effective than the existing distributed detection system.</p></div>","PeriodicalId":49872,"journal":{"name":"Mathematical and Computer Modelling","volume":"58 5","pages":"Pages 1140-1154"},"PeriodicalIF":0.0000,"publicationDate":"2013-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.mcm.2013.03.008","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Mathematical and Computer Modelling","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0895717713001064","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 18
Abstract
Malware obfuscation obscures malware into different versions, making traditional syntactic nature based detection ineffective. Furthermore, with the huge and exponentially growing number of malware samples, existing malware detection systems are either evaded by malware obfuscation, or overwhelmed by numerous malware samples. This paper proposes an anti-obfuscation, scalable and collaborative malware detection system—ENDMal. ENDMal identifies the program that behaves suspiciously in end-hosts and similarly between a group of suspicious programs in a wide area as malicious. We present the Iterative Sequence Alignment (ISA) method to defeat malware obfuscation. Instead of using complex behavior graph, we propose the Handle dependences and Probabilistic Ordering Dependence (HPOD) technology to represent the program behaviors. In addition, we design a novel information sharing infrastructure, RENShare, to collaboratively congregate the group characteristics of programs spreading over different network areas. Our experimental results show that ENDMal can detect unknown malwares much faster than the centralized detection system and is more effective than the existing distributed detection system.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
