Malware detection with quantitative data flow graphs

Tobias Wüchner, Martín Ochoa, Alexander Pretschner

Publikation: Beitrag in Buch/Bericht/KonferenzbandKonferenzbeitragBegutachtung

50 Zitate (Scopus)

Abstract

We propose a novel behavioral malware detection approach based on a generic system-wide quantitative data flow model. We base our data flow analysis on the incremental construction of aggregated quantitative data flow graphs. These graphs represent communication between different system entities such as processes, sockets, files or system registries. We demonstrate the feasibility of our approach through a prototypical instantiation and implementation for the Windows operating system. Our experiments yield encouraging results: in our data set of samples from common malware families and popular non-malicious applications, our approach has a detection rate of 96 % and a false positive rate of less than 1.6 %.

OriginalspracheEnglisch
TitelASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security
Herausgeber (Verlag)Association for Computing Machinery, Inc
Seiten271-282
Seitenumfang12
ISBN (elektronisch)9781450328005
DOIs
PublikationsstatusVeröffentlicht - 4 Juni 2014
Veranstaltung9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014 - Kyoto, Japan
Dauer: 4 Juni 20146 Juni 2014

Publikationsreihe

NameASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security

Konferenz

Konferenz9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014
Land/GebietJapan
OrtKyoto
Zeitraum4/06/146/06/14

Fingerprint

Untersuchen Sie die Forschungsthemen von „Malware detection with quantitative data flow graphs“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren