• DocumentCode
    1959367
  • Title

    Mining distinguishing patterns based on malware traces

  • Author

    Sun, Xiaoyan ; Huang, Qian ; Zhu, Yuefei ; Guo, Ning

  • Author_Institution
    Zhengzhou Inf. Sci. & Technol. Inst., Zhengzhou, China
  • Volume
    2
  • fYear
    2010
  • fDate
    9-11 July 2010
  • Firstpage
    677
  • Lastpage
    681
  • Abstract
    The automatic generation of malicious behavior patterns from system call traces is important to malware detection. This paper studies existing methods for generating malicious behavior specifications. To reduce the complexity of pattern generation, it constructs graphs whose vertex labels are unique and uses these graphs to mine the patterns. To address the limitations of the minimal contrast subgraph mining method, it uses multiple positive and negative samples and proposes a method for mining distinguishing patterns based on mutual information. It designs the overall framework of the mining process and gives the mining algorithm. Finally, validation results demonstrate its effectiveness.
  • Keywords
    Internet; computational complexity; data mining; graph theory; invasive software; pattern recognition; distinguishing pattern mining; graph construction; malicious behavior; malware detection; malware traces; pattern generation; vertex label; Feature extraction; Distinguishing Pattern; Malicious behavior; Mutual Information; Subgraph Mining; System Call Trace;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE International Conference on
  • Conference_Location
    Chengdu
  • Print_ISBN
    978-1-4244-5537-9
  • Type

    conf

  • DOI
    10.1109/ICCSIT.2010.5565105
  • Filename
    5565105