Abstract
Behavior-based detection approaches are commonly used to address the threat of statically obfuscated malware. Such approaches often represent process or system behavior as graphs and typically employ frequency-based graph mining techniques to extract characteristic patterns from collections of malware graphs. Recent studies in the molecule mining domain suggest that frequency-based graph mining algorithms often perform sub-optimally at finding highly discriminating patterns. We propose a novel malware detection approach that uses so-called compression-based mining on quantitative data flow graphs to derive highly accurate detection models. Our evaluation on a large and diverse malware set shows that our approach outperforms frequency-based detection models in detection effectiveness by more than 600 percent.
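The contrast the abstract draws, mining the most frequent patterns versus mining the patterns that best compress a class of graphs, can be made concrete with a small example. The following code is an added illustration and is not the paper's implementation or data: it assumes a Krimp-style minimum description length (MDL) scheme in which each class (malware, benign) learns a code table of patterns, a candidate pattern is kept only if it shortens the total encoded size of that class's graphs plus the table, and a new graph is labelled by whichever class's code table encodes it in fewer bits. Quantitative data flow graphs are simplified to sets of attributed edges of the form `source>sink:quantity-bucket`, candidate patterns are limited to single edges and edge pairs, code lengths are Laplace-smoothed, the cost assumed for an edge label never seen in training is an escape code plus the bits to spell the label, and the toy graphs (`MALWARE`, `BENIGN`) are constructed for this example. The frequency-based baseline is the naive one: take the most frequent malware pattern and match on it.

```python
"""Compression-based (MDL, Krimp-style) versus frequency-based pattern mining
on toy quantitative data flow graphs. Added illustration, not the paper's code."""
import math
from itertools import combinations

# Constructed toy data (not from the paper). Each graph is a set of attributed
# edges "source>sink:quantity-bucket", a simplified quantitative data flow graph.
A, T, R, D, N = ("net>proc:large", "proc>file:tmp:large",
                 "proc>reg:run:small", "proc>file:doc:small", "proc>net:small")
MALWARE = [{A, T, R, D}, {A, T, R}, {A, T, R, N}, {A, T, N}]
BENIGN = [{A, T, D}, {T, D, N}, {A, T, D}, {D, N}]
ALPHABET = set().union(*MALWARE, *BENIGN)
LABEL_BITS = math.log2(len(ALPHABET))  # bits needed to spell one edge label


def support(db, pat):
    return sum(pat <= g for g in db)


def candidates(db, min_support=2):
    """Frequent patterns of size 1-2, most frequent first (the frequency-based view)."""
    labels = sorted(set().union(*db))
    pats = [frozenset([l]) for l in labels] + [frozenset(p) for p in combinations(labels, 2)]
    pats = [p for p in pats if support(db, p) >= min_support]
    return sorted(pats, key=lambda p: (-support(db, p), -len(p), sorted(p)))


def cover(graph, table, db):
    """Greedy cover of a graph by table patterns: longest, then most frequent, first."""
    order = sorted(table, key=lambda p: (-len(p), -support(db, p), sorted(p)))
    remaining, used = set(graph), []
    for p in order:
        if p <= remaining:
            used.append(p)
            remaining -= p
    return used, remaining  # remaining holds only labels unseen in training


def code_lengths(db, table):
    """Laplace-smoothed Shannon code length per pattern from its usage in covering db."""
    usage = {p: 0 for p in table}
    for g in db:
        for p in cover(g, table, db)[0]:
            usage[p] += 1
    total = sum(usage.values()) + len(table)
    return {p: -math.log2((usage[p] + 1) / total) for p in table}, usage, total


def total_bits(db, table):
    """MDL objective: L(code table) + L(db | code table); unused patterns cost nothing."""
    cl, usage, _ = code_lengths(db, table)
    l_db = sum(cl[p] for g in db for p in cover(g, table, db)[0])
    l_ct = sum(cl[p] + len(p) * LABEL_BITS for p in table if usage[p] > 0)
    return l_db + l_ct


def mine_compression(db):
    """Krimp-style greedy selection: keep a candidate only if it shortens db + table."""
    table = [frozenset([l]) for l in ALPHABET]  # singletons guarantee a full cover
    best = total_bits(db, table)
    for p in candidates(db):
        if len(p) == 1:
            continue
        trial = table + [p]
        bits = total_bits(db, trial)
        if bits < best:
            table, best = trial, bits
    return table


class CompressionDetector:
    """One code table per class; a graph belongs to the class that compresses it best."""

    def __init__(self):
        self.models = {}
        for name, db in (("malware", MALWARE), ("benign", BENIGN)):
            table = mine_compression(db)
            cl, _, total = code_lengths(db, table)
            self.models[name] = (db, table, cl, total)

    def encoded_bits(self, graph, name):
        db, table, cl, total = self.models[name]
        used, unseen = cover(graph, table, db)
        escape = math.log2(total) + LABEL_BITS  # assumed cost of an unseen edge label
        return sum(cl[p] for p in used) + len(unseen) * escape

    def classify(self, graph):
        return min(self.models, key=lambda name: self.encoded_bits(graph, name))


def frequency_rule(db=MALWARE):
    """Naive baseline: the single most frequent malware pattern, used as a match rule."""
    return candidates(db)[0]


if __name__ == "__main__":
    det = CompressionDetector()
    rule = frequency_rule()
    print("frequency rule:", sorted(rule), "benign hits:", sum(rule <= g for g in BENIGN))
    for g in ({A, T, R}, {A, T, D}, {T, D, N}):
        print(sorted(g), "->", det.classify(g), "(frequency rule:", rule <= g, ")")
```

On this data the most frequent malware pattern is the pair (download, drop to temp), which also occurs in half of the benign graphs, so matching on it produces false positives; the per-class code tables instead keep the pair for malware and (write temp, write document) for benign, and the benign-looking graph that contains the frequent pair is still encoded more cheaply by the benign table. The numbers are specific to this toy set and say nothing about the 600 percent figure reported in the abstract.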
| Field | Value |
|---|---|
| Original language | English |
| Article number | 7867799 |
| Pages (from-to) | 99-112 |
| Number of pages | 14 |
| Journal | IEEE Transactions on Dependable and Secure Computing |
| Volume | 16 |
| Issue number | 1 |
| DOIs | |
| State | Published - 1 Jan 2019 |
Keywords
- Data mining
- Graph mining
- Machine learning
- Malware detection
- Quantitative data flow analysis