• DocumentCode
    3095450
  • Title

    An approach for malware behavior identification and classification

  • Author

    Zolkipli, Mohamad Fadli ; Jantan, Aman

  • Author_Institution
    Sch. of Comput. Sci., Univ. Sains Malaysia, Penang, Malaysia
  • Volume
    1
  • fYear
    2011
  • fDate
    11-13 March 2011
  • Firstpage
    191
  • Lastpage
    194
  • Abstract
    Malware is one of the major security threats that can break computer operation. However, commercial anti-virus or anti-spyware that uses signature-based matching to detect malware cannot solve that kind of threat. Nowadays malware writers try to avoid detection by using several techniques such as polymorphic, metamorphic and also hiding techniques. In order to overcome that issue, we proposed a new framework for malware behavior identification and classification that applies a dynamic approach. This framework consists of two major processes: behavior identification and malware classification. These two major processes will integrate together as an interrelated process in our proposed framework. The result of this study is a new framework that is able to identify and classify malware based on its behaviors.
  • Keywords
    computer viruses; data encapsulation; digital signatures; antispyware; antivirus; hiding technique; malware behavior classification; malware behavior identification; metamorphic technique; polymorphic technique; security threats; signature-based matching; Computer architecture; Computer science; Computers; Malware; Operating systems; Virtual machining; behavior analysis; computer security; malware; malware classification;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Research and Development (ICCRD), 2011 3rd International Conference on
  • Conference_Location
    Shanghai
  • Print_ISBN
    978-1-61284-839-6
  • Type

    conf

  • DOI
    10.1109/ICCRD.2011.5764001
  • Filename
    5764001