
Metamorphic malicious code behavior detection using probabilistic inference methods

Published: 01 August 2019

Abstract

Existing antivirus programs detect malicious code based on fixed signatures; therefore, they have limitations in detecting metamorphic malicious code that lacks signature information or has circumventing code inserted into it. Research on methods for detecting this type of metamorphic malicious code primarily focuses on techniques that detect code based on its behavioral similarity to known malicious code. However, these techniques measure the degree of similarity with existing malicious code using API function call patterns and therefore suffer from disadvantages such as low accuracy and long detection times. In this paper, we propose a method that overcomes the limitations of existing methods by using the FP-Growth algorithm, a data mining technique, and the Markov Logic Networks algorithm, a probabilistic inference method. To comparatively evaluate the proposed method's malicious code behavior detection, we performed inference experiments using malicious code into which code for random malicious behavior had been inserted. We also performed experiments to select the optimal weight for each inference rule in order to improve the accuracy of our malicious code behavior inferences. In experiments comparing the proposed method with the General Bayesian Network, the proposed method showed 8% higher classification performance.
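As an added example (not the paper's own code), the FP-Growth stage described above applied to constructed API-call traces with illustrative API names: it mines the sets of calls that recur across samples labelled malicious, and a variant that reorders those calls or inserts junk calls still matches the mined behaviour patterns, which is exactly what a fixed signature would miss. The rule weights and the Markov Logic Network inference stage are not modelled here.

```python
# Added example, not the paper's code: FP-Growth over constructed API-call traces (illustrative names).
from collections import Counter, defaultdict

MALICIOUS_TRACES = [  # constructed traces from samples labelled malicious
    ["CreateFile", "WriteFile", "RegSetValue", "CreateProcess"],
    ["GetTickCount", "CreateFile", "WriteFile", "RegSetValue", "CreateProcess"],  # junk inserted
    ["RegSetValue", "CreateFile", "CreateProcess", "WriteFile", "Sleep"],  # reordered + junk
    ["CreateFile", "WriteFile", "InternetOpen", "CreateProcess"],
]

class Node:
    def __init__(self, item, parent):
        self.item, self.parent, self.count, self.children = item, parent, 0, {}

def build_tree(transactions, min_support):
    # Returns (header table: item -> its nodes, counts of frequent items).
    freq = Counter(i for t in transactions for i in set(t))
    freq = {i: c for i, c in freq.items() if c >= min_support}
    root, header = Node(None, None), defaultdict(list)
    for t in transactions:
        node = root
        # Most frequent items first so shared prefixes collapse into one path.
        for i in sorted((i for i in set(t) if i in freq), key=lambda i: (-freq[i], i)):
            child = node.children.get(i)
            if child is None:
                child = node.children[i] = Node(i, node)
                header[i].append(child)
            child.count += 1
            node = child
    return header, freq

def mine(transactions, min_support, suffix=frozenset()):
    # Returns {frozenset(items): support} for every itemset with support >= min_support.
    header, freq = build_tree(transactions, min_support)
    patterns = {}
    for item in sorted(freq, key=lambda i: (freq[i], i)):  # least frequent first
        pattern = suffix | {item}
        patterns[pattern] = freq[item]
        cond = []  # conditional pattern base: each prefix path, repeated node.count times
        for node in header[item]:
            path, p = [], node.parent
            while p.item is not None:
                path.append(p.item)
                p = p.parent
            cond.extend([path] * node.count)
        patterns.update(mine(cond, min_support, pattern))
    return patterns

def matched_patterns(trace, patterns, min_len=3):
    # Order-insensitive match; itemsets shorter than min_len are not treated as behaviours.
    calls = set(trace)
    return sorted((p for p in patterns if len(p) >= min_len and p <= calls), key=lambda p: (-len(p), sorted(p)))
```

With `min_support=3`, the four traces yield every subset of {CreateFile, WriteFile, CreateProcess, RegSetValue} as a frequent pattern, and a shuffled trace padded with extra calls still matches all of the three- and four-call patterns.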




Published In

Cognitive Systems Research, Volume 56, Issue C, Aug 2019, 265 pages

Publisher

Elsevier Science Publishers B. V., Netherlands

Author Tags

  1. Malicious code
  2. Probabilistic inference
  3. Markov logic networks
  4. Malicious behavior patterns

Qualifiers

  • Research-article

Cited By

  • (2022) An Attribute Extraction for Automated Malware Attack Classification and Detection Using Soft Computing Techniques. Computational Intelligence and Neuroscience, 2022. https://doi.org/10.1155/2022/5061059. Online publication date: 1 Jan 2022.
  • (2022) A Personalized Recommendation System for English Teaching Resources Based on Learning Behavior Detection. Mobile Information Systems, 2022. https://doi.org/10.1155/2022/4531867. Online publication date: 1 Jan 2022.
  • (2022) Embedding vector generation based on function call graph for effective malware detection and classification. Neural Computing and Applications 34 (11), 8643–8656. https://doi.org/10.1007/s00521-021-06808-8. Online publication date: 1 Jun 2022.
  • (2021) Detection and defense of network virus using data mining technology. Security and Privacy 4 (6). https://doi.org/10.1002/spy2.179. Online publication date: 2 Nov 2021.
  • (2020) Using a Subtractive Center Behavioral Model to Detect Malware. Security and Communication Networks, 2020. https://doi.org/10.1155/2020/7501894. Online publication date: 27 Feb 2020.
