TY - GEN
T1 - Malware detection with quantitative data flow graphs
AU - Wüchner, Tobias
AU - Ochoa, Martín
AU - Pretschner, Alexander
N1 - Publisher Copyright:
Copyright © 2014 ACM.
PY - 2014/6/4
Y1 - 2014/6/4
N2 - We propose a novel behavioral malware detection approach based on a generic system-wide quantitative data flow model. We base our data flow analysis on the incremental construction of aggregated quantitative data flow graphs. These graphs represent communication between different system entities such as processes, sockets, files or system registries. We demonstrate the feasibility of our approach through a prototypical instantiation and implementation for the Windows operating system. Our experiments yield encouraging results: in our data set of samples from common malware families and popular non-malicious applications, our approach has a detection rate of 96 % and a false positive rate of less than 1.6 %.
KW - Behavioral malware analysis
KW - Data flow tracking
KW - Intrusion detection
KW - Malware detection
KW - Quantitative data flows
UR - http://www.scopus.com/inward/record.url?scp=84984905603&partnerID=8YFLogxK
U2 - 10.1145/2590296.2590319
DO - 10.1145/2590296.2590319
M3 - Conference contribution
AN - SCOPUS:84984905603
T3 - ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security
SP - 271
EP - 282
BT - ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security
PB - Association for Computing Machinery, Inc
T2 - 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014
Y2 - 4 June 2014 through 6 June 2014
ER -