A graph-based framework for malicious software detection and classification utilizing temporal-graphs-Reference-Cited by-同舟云学术

A graph-based framework for malicious software detection and classification utilizing temporal-graphs

Published:2021-10-27 Issue:6 Volume:29 Page:651-688
ISSN:1875-8924
Container-title:Journal of Computer Security
language:
Short-container-title:JCS

Author:

Dounavi Helen-Maria¹,Mpanti Anna¹,Nikolopoulos Stavros D.¹,Polenakis Iosif¹

Affiliation:

1. Department of Computer Science & Engineering, University of Ioannina, Ioannina, Greece. E-mails: edounavi@cse.uoi.gr, ampanti@cs.uoi.gr, stavros@cs.uoi.gr, ipolenak@cs.uoi.gr

Abstract

In this paper we present a graph-based framework that, utilizing relations between groups of System-calls, detects whether an unknown software sample is malicious or benign, and classifies a malicious software to one of a set of known malware families. In our approach we propose a novel graph representation of dependency graphs by capturing their structural evolution over time constructing sequential graph instances, the so-called Temporal Graphs. The partitions of the temporal evolution of a graph defined by specific time-slots, results to different types of graphs representations based upon the information we capture across the capturing of its evolution. The proposed graph-based framework utilizes the proposed types of temporal graphs computing similarity metrics over various graph characteristics in order to conduct the malware detection and classification procedures. Finally, we evaluate the detection rates and the classification ability of our proposed graph-based framework conducting a series of experiments over a set of known malware samples pre-classified into malware families.

Publisher

IOS Press

Subject

Computer Networks and Communications,Hardware and Architecture,Safety, Risk, Reliability and Quality,Software

Reference58 articles.

1. Lightweight behavioral malware detection for windows platforms

2. L. Aneja and S. Babbar, Research trends in malware detection on Android devices, in: International Conference on Recent Developments in Science, Engineering and Technology, Springer, 2017, pp. 629–642.

3. D. Babic, D. Reynaud and D. Song, Malware analysis with tree automata inference, in: Proceedings of the 23rd International Conference on Computer Aided Verification (CAV’11), 2011, pp. 116–131.

4. A. Bulazel and B. Yener, A survey on automated dynamic malware analysis evasion and counter-evasion: PC, mobile, and web, in: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium, ACM, 2017, pp. 1–21.

5. R. Canzanese, M. Kam and S. Mancoridis, Toward an automatic, online behavioral malware classification system, in: 2013 IEEE 7th International Conference on Self-Adaptive and Self-Organizing Systems, IEEE, 2013, pp. 111–120.

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Research on Virus Propagation Network Intrusion Detection Based on Graph Neural Network;Mathematics;2024-05-14

2. Risk-Based System-Call Sequence Grouping Method for Malware Intrusion Detection;Electronics;2024-01-02

3. Detection and classification of malicious software utilizing Max-Flows between system-call groups;Journal of Computer Virology and Hacking Techniques;2022-06-14