• DocumentCode
    2916626
  • Title

    Malware Obfuscation Detection via Maximal Patterns

  • Author

    Li, Jian ; Xu, Ming ; Zheng, Ning ; Xu, Jian

  • Author_Institution
    Inst. of Comput. Applic. Technol., Hangzhou Dianzi Univ., Hangzhou, China
  • Volume
    2
  • fYear
    2009
  • fDate
    21-22 Nov. 2009
  • Firstpage
    324
  • Lastpage
    328
  • Abstract
    Malware obfuscation is defined as a program transformation. It is always used in malware to evade detection by anti-malware software. In this paper, we propose a method to detect malware obfuscation using maximal patterns. A maximal pattern is a subsequence in the malware's runtime system call sequence, which frequently appears in program execution, and can be used to describe the program-specific behavior. The maximal pattern sequence is extracted from the malware's runtime system calls, and the similarity between two pattern sequences will be measured by evolutionary similarity. Based on real-world malware test data, the experiment results have shown that our method can efficiently detect malware obfuscation.
  • Keywords
    invasive software; anti-malware software; evolutionary similarity; malware obfuscation detection; maximal pattern sequence; program execution; program specific behavior; program transformation; runtime system call sequence; Application software; Computer applications; Data mining; Information technology; Intrusion detection; Operating systems; Pattern analysis; Phylogeny; Resilience; Testing; evolutionary similarity; malware; maximal pattern; obfuscation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligent Information Technology Application, 2009. IITA 2009. Third International Symposium on
  • Conference_Location
    Nanchang
  • Print_ISBN
    978-0-7695-3859-4
  • Type

    conf

  • DOI
    10.1109/IITA.2009.109
  • Filename
    5369393