Title :
Mining distinguishing patterns based on malware traces
Author :
Sun, Xiaoyan ; Huang, Qian ; Zhu, Yuefei ; Guo, Ning
Author_Institution :
Zhengzhou Inf. Sci. & Technol. Inst., Zhengzhou, China
Abstract :
The automatic generation of malicious behavior pattern based on system call trace is important to malware detection. This paper studied the existing generation method of malicious behavior specification. In order to reduce the complexity of pattern generation, it constructs graph which vertex label is unique, and uses these graphs to mine the pattern. To address the issue of limitation of the minimal contrast subgraph mining method, it uses multiple positive and negative samples, and proposes a mining method to mine distinguishing patterns based on mutual information. It designs the overall framework of mining process, and gives the mining algorithm. Finally, validation results demonstrate the effectiveness.
Keywords :
Internet; computational complexity; data mining; graph theory; invasive software; pattern recognition; distinguishing pattern mining; graph construction; malicious behavior; malware detection; malware traces; pattern generation; vertex label; Feature extraction; Distinguishing Pattern; Malicious behavior; Mutual Information; Subgraph Mining; System Call Trace;
Conference_Titel :
Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-5537-9
DOI :
10.1109/ICCSIT.2010.5565105
