Title :
Malware Obfuscation Detection via Maximal Patterns
Author :
Li, Jian ; Xu, Ming ; Zheng, Ning ; Xu, Jian
Author_Institution :
Inst. of Comput. Applic. Technol., Hangzhou Dianzi Univ., Hangzhou, China
Abstract :
Malware obfuscation is defined as a program transformation. It is always used in malware to evade detection by anti-malware software. In this paper, we propose a method to detect malware obfuscation using maximal patterns. A maximal pattern is a subsequence of the malware's runtime system call sequence that appears frequently during program execution and can be used to describe the program's specific behavior. The maximal pattern sequence is extracted from the malware's runtime system calls, and the similarity between two pattern sequences is measured by evolutionary similarity. Based on real-world malware test data, the experimental results show that our method can efficiently detect malware obfuscation.
Keywords :
invasive software; anti-malware software; evolutionary similarity; malware obfuscation detection; maximal pattern sequence; program execution; program specific behavior; program transformation; runtime system call sequence; Application software; Computer applications; Data mining; Information technology; Intrusion detection; Operating systems; Pattern analysis; Phylogeny; Resilience; Testing; evolutionary similarity; malware; maximal pattern; obfuscation;
Conference_Title :
Intelligent Information Technology Application, 2009. IITA 2009. Third International Symposium on
Conference_Location :
Nanchang
Print_ISBN :
978-0-7695-3859-4
DOI :
10.1109/IITA.2009.109