A Malware and Variant Detection Method Using Function Call Graph Isomorphism-Reference-Cited by-同舟云学术

A Malware and Variant Detection Method Using Function Call Graph Isomorphism

Published:2019-09-22 Issue: Volume:2019 Page:1-12
ISSN:1939-0114
Container-title:Security and Communication Networks
language:en
Short-container-title:Security and Communication Networks

Author:

Bai Jinrong¹^ORCID,Shi Qibin²^ORCID,Mu Shiguang³^ORCID

Affiliation:

1. School of Mathematics and Information Technology, Yuxi Normal University, Yuxi 653100, China

2. Yuxi E-government Network Management Center, Yuxi 653100, China

3. School of Physics and Electronic Engineering, Yuxi Normal University, Yuxi 653100, China

Abstract

The huge influx of malware variants are generated using packing and obfuscating techniques. Current antivirus software use byte signature to identify known malware, and this method is easy to be deceived and generally ineffective for identifying malware variants. Antivirus experts use hash signature to verify if captured sample is one of the malware databases, and this method cannot recognize malware variants whose hash signatures have changed completely. Function call graph is a high-level abstraction representation of a program and more stable and resilient than byte or hash signature. In this paper, function call graph is used as signature of a program, and two kinds of graph isomorphism algorithms are employed to identify known malware and its variants. Four experiments are designed to evaluate the performance of the proposed method. Experimental results indicate that the proposed method is effective and efficient for identifying known malware and a portion of their variants. The proposed method can also be used to index and locate a large-scale malware database and group malware to the corresponding family.

Funder

National Natural Science Foundation of China

Publisher

Hindawi Limited

Subject

Computer Networks and Communications,Information Systems

Link

http://downloads.hindawi.com/journals/scn/2019/1043794.pdf

Reference12 articles.

1. A general definition of malware

2. Graph embedding as a new approach for unknown malware detection

3. Auto-detection of sophisticated malware using lazy-binding control flow graph and deep learning

4. Architecture of a morphological malware detector

5. Control Flow-Based Malware VariantDetection

Cited by 15 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. ProcGCN: detecting malicious process in memory based on DGCNN;PeerJ Computer Science;2024-08-07

2. Scalable Program Clone Search through Spectral Analysis;Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering;2023-11-30

3. A survey on run-time packers and mitigation techniques;International Journal of Information Security;2023-11-01

4. Research on Static Reverse Analysis Technology for Security Detection of Power Industrial Control Software;2023 3rd International Conference on Intelligent Power and Systems (ICIPS);2023-10-20

5. A review on graph-based approaches for network security monitoring and botnet detection;International Journal of Information Security;2023-08-30