MoG: Behavior-Obfuscation Resistance Malware Detection. (4th June 2019)
- Record Type:
- Journal Article
- Title:
- MoG: Behavior-Obfuscation Resistance Malware Detection. (4th June 2019)
- Main Title:
- MoG: Behavior-Obfuscation Resistance Malware Detection
- Authors:
- Cheng, Binlin
- Liu, Jinjun
- Chen, Jiejie
- Shi, Shudong
- Peng, Xufu
- Zhang, Xingwen
- Hai, Haiqing
- Editors:
- Furnell, Steven
- Abstract:
- Malware brings a big security threat on the Internet today. With the great increase in malware attacks, behavior-based detection approaches are one of the major methods to detect zero-day malware. Such approaches often use API calls to represent the behavior of malware. Unfortunately, behavior-based approaches suffer from behavior obfuscation attacks. In this paper, we propose a novel malware detection approach that is both effective and efficient. First, we abstract the API call to an object operation. Then we generate the object operation dependency graph based on these object operations. Finally, we construct the family dependency graph for a malware family. Our approach uses the family dependency graph to represent the behavior of a malware family. The evaluation results show that our approach can provide complete resistance to all types of behavior obfuscation attacks, and outperforms existing behavior-based approaches in terms of better effectiveness and efficiency.
- Is Part Of:
- Computer journal. Volume 62:Number 12(2019)
- Journal:
- Computer journal
- Issue:
- Volume 62:Number 12(2019)
- Issue Display:
- Volume 62, Issue 12 (2019)
- Year:
- 2019
- Volume:
- 62
- Issue:
- 12
- Issue Sort Value:
- 2019-0062-0012-0000
- Page Start:
- 1734
- Page End:
- 1747
- Publication Date:
- 2019-06-04
- Subjects:
- malware -- behavior-based analysis -- API call -- object operation
- Computers -- Periodicals
- 005.1
- Journal URLs:
- http://comjnl.oxfordjournals.org/
- http://ukcatalogue.oup.com/
- DOI:
- 10.1093/comjnl/bxz033
- Languages:
- English
- ISSNs:
- 0010-4620
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.060000
- British Library DSC - BLDSS-3PM
- British Library HMNTS - ELD Digital store
- Ingest File:
- 20864.xml