• DocumentCode
    568809
  • Title
    Detecting malicious executable file via graph comparison using support vector machine
  • Author
    Sirageldin, A. ; Baharudin, B. ; Low Tang Jung
  • Author_Institution
    Comput. & Inf. Sci. Dept., Univ. Teknol. PETRONAS, Tronoh, Malaysia
  • Volume
    1
  • fYear
    2012
  • fDate
    12-14 June 2012
  • Firstpage
    469
  • Lastpage
    473
  • Abstract
    Every day, anti-virus corporations receive a large number of potentially harmful executables. Many of the malicious samples among these executables are variations of earlier versions, created by their authors to evade detection. Consequently, robust detection approaches are required that can automatically recognize similar samples. In this paper, malware detection through call graphs is studied: the functions of a binary executable are represented as vertices, and the calls between those functions as edges. By representing malware samples as call graphs, it is possible to derive and detect structural similarities between multiple samples. The paper presents a new malware detection algorithm based on the analysis of graphs derived from the instructions of the executable objects: the graph is constructed by a graph extractor, the maximum common subgraph similarity measure is approximated, and the graphs are then passed to a support vector machine to approximate the similarity value as accurately as possible.
  • Keywords
    computer viruses; directed graphs; support vector machines; Antivirus Corporations; binary executable; call graph functions; executable objects; graph analysis; graph comparison; graph extractor; malicious executable file detection; malware detection algorithm; maximum common subgraph similarity measures; robust detection approach; similarity value; structural similarity; support vector machine; Kernel; Pipelines; Support vector machines; benign; function calls; graph; malware; maximum common subgraph; similarity measures; support vector machine;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer & Information Science (ICCIS), 2012 International Conference on
  • Conference_Location
    Kuala Lumpur
  • Print_ISBN
    978-1-4673-1937-9
  • Type
    conf
  • DOI
    10.1109/ICCISci.2012.6297291
  • Filename
    6297291