Malware detection with quantitative data flow graphs

Tobias Wüchner, Martín Ochoa, Alexander Pretschner

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

50 Scopus citations

Abstract

We propose a novel behavioral malware detection approach based on a generic system-wide quantitative data flow model. We base our data flow analysis on the incremental construction of aggregated quantitative data flow graphs. These graphs represent communication between different system entities such as processes, sockets, files or system registries. We demonstrate the feasibility of our approach through a prototypical instantiation and implementation for the Windows operating system. Our experiments yield encouraging results: in our data set of samples from common malware families and popular non-malicious applications, our approach has a detection rate of 96 % and a false positive rate of less than 1.6 %.

Original language: English
Title of host publication: ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security
Publisher: Association for Computing Machinery, Inc
Pages: 271-282
Number of pages: 12
ISBN (Electronic): 9781450328005
DOIs
State: Published - 4 Jun 2014
Event: 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014 - Kyoto, Japan
Duration: 4 Jun 2014 to 6 Jun 2014

Publication series

Name: ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security

Conference

Conference: 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014
Country/Territory: Japan
City: Kyoto
Period: 4/06/14 to 6/06/14

Keywords

  • Behavioral malware analysis
  • Data flow tracking
  • Intrusion detection
  • Malware detection
  • Quantitative data flows
