Malicious Code Detection Model Based on Behavior Association

Lab. of Information Security, School of Computer Science, Huazhong University of Science and Technology, Wuhan 430074, China.

Abstract

Malicious applications can be introduced to attack users and services in order to gain financial rewards, individuals' sensitive information, and company and government intellectual property, or to gain remote control of systems. However, traditional methods of malicious code detection, such as signature detection, behavior detection, virtual machine detection, and heuristic detection, have various weaknesses that make them unreliable. This paper surveys the existing technologies of malicious code detection and proposes a malicious code detection model based on behavior association. The behavior points of malicious code are first extracted through API monitoring technology and integrated into behaviors; then relations between behaviors are established according to data dependence. Next, a behavior association model is built and a discrimination method is put forward using a pushdown automaton. Finally, actual malicious code is taken as a sample to carry out an experiment on behavior capture, association, and discrimination, showing that the theoretical model is viable.
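The pipeline the abstract describes (behavior points from API monitoring, association by data dependence, discrimination by a pushdown automaton) as an added illustration; this is not the paper's code, and the trace record format, the "drop, write, close, execute" pattern and the PDA transitions are assumptions chosen for the example.

```python
# Constructed API-monitor trace (hypothetical record format, not the paper's):
# each record names the call, the data it consumes ("in") and produces ("out").
# A call consuming a value an earlier call touched is data-dependent on it.
TRACE = [
    {"api": "CreateFile",    "in": ["C:\\tmp\\a.exe"], "out": ["h1"]},
    {"api": "GetTickCount",  "in": [],                 "out": ["t0"]},  # noise
    {"api": "WriteFile",     "in": ["h1"],             "out": []},
    {"api": "CloseHandle",   "in": ["h1"],             "out": []},
    {"api": "CreateProcess", "in": ["C:\\tmp\\a.exe"], "out": ["p1"]},
]

def associate(trace, root=0):
    """Integrate behaviour points into one chain by data dependence: a later
    call is linked in when its inputs overlap data the chain already touched."""
    tainted = set(trace[root]["in"] + trace[root]["out"])
    chain = [trace[root]["api"]]
    for rec in trace[root + 1:]:
        if set(rec["in"]) & tainted:
            tainted |= set(rec["in"] + rec["out"])
            chain.append(rec["api"])
    return chain

# Hypothetical "drop, write, close, then execute" pattern as a pushdown
# automaton. Key: (state, api, stack top); value: (new state, symbols popped,
# symbols pushed); "*" matches any top. One symbol per open handle (H = opened,
# W = written) sits above the bottom marker Z, so CreateProcess is accepted
# only once every dropped file was written and closed, however deeply nested.
PDA = {
    ("q0", "CreateFile",    "Z"): ("q1", 0, ["H"]),
    ("q1", "CreateFile",    "*"): ("q1", 0, ["H"]),
    ("q1", "WriteFile",     "H"): ("q1", 1, ["W"]),
    ("q1", "WriteFile",     "W"): ("q1", 0, []),
    ("q1", "CloseHandle",   "W"): ("q1", 1, []),
    ("q1", "CreateProcess", "Z"): ("qf", 0, []),
}

def discriminate(chain, pda=PDA, start="q0", accept="qf"):
    """Run a behaviour chain through the PDA; True when the pattern matched,
    False when no transition applies or the accepting state is not reached."""
    state, stack = start, ["Z"]
    for api in chain:
        step = pda.get((state, api, stack[-1])) or pda.get((state, api, "*"))
        if step is None:
            return False
        state, pops, pushes = step
        del stack[len(stack) - pops:]   # pop the consumed stack symbols
        stack.extend(pushes)
    return state == accept
```

The stack is what a finite automaton could not provide: a chain that opens two files and interleaves their writes and closes is still accepted, while one that executes before closing is rejected.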

Tsinghua Science and Technology, pages 508-515
Cite this article:
Han L, Qian M, Xu X, et al. Malicious Code Detection Model Based on Behavior Association. Tsinghua Science and Technology, 2014, 19(5): 508-515. https://doi.org/10.1109/TST.2014.6919827