Title :
AOS: An optimized sandbox method used in behavior-based malware detection
Author :
Li, Hong Jhe ; Tien, Chia-Wei ; Tien, Chin-Wei ; Lin, Chih-Hung ; Lee, Hahn-Ming ; Jeng, Albert B.
Author_Institution :
Dept. of Comput. Sci. & Inf. Eng., Nat. Taiwan Univ. of Sci. & Technol., Taipei, Taiwan
Abstract :
Malware (malicious software) has spread widely across computers worldwide, and many antivirus vendors rely on signature-based methods to detect it. However, the update rate of a virus signature database can never keep pace with the creation rate of new malware variants. Using CSS (Crystal Security Sandbox), which monitors the execution of Windows Portable Executable (PE) files and generates a sanitized intermediate result for classifying malware, is an emerging research direction in malware detection. Although the sanitized intermediate result is sufficient to depict the behaviors of malware, it is still too long, too redundant, and too tedious to process efficiently. We therefore compress and sieve the sanitized intermediate result to derive 90% fewer brief expressions, which not only reduce the size of the data but also maintain an accuracy rate above 93% and an error rate below 7%.
Keywords :
digital signatures; file organisation; invasive software; AOS; CSS; antivirus vendors; behavior based malware detection; crystal security sandbox; malicious software; malware variants; optimized sandbox method; signature based method; virus signature database; windows portable executable file execution; Cascading style sheets; Databases; Grippers; Machine learning; Malware; Software; Support vector machine classification; Sandbox; classification of malware; computer virus; dynamic analysis; malware behavior;
Conference_Titel :
Machine Learning and Cybernetics (ICMLC), 2011 International Conference on
Conference_Location :
Guilin
Print_ISBN :
978-1-4577-0305-8
DOI :
10.1109/ICMLC.2011.6016683