@inproceedings{f5f8d55cfe5f4c358b0f2a31b20905df,
title = "Robust and effective malware detection through quantitative data flow graph metrics",
abstract = "We present a novel malware detection approach based on metrics over quantitative data flow graphs. Quantitative data flow graphs (QDFGs) model process behavior by interpreting issued system calls as aggregations of quantifiable data flows. Due to the high abstraction level we consider QDFG metric based detection more robust against typical behavior obfuscation like bogus call injection or call reordering than other common behavioral models that base on raw system calls. We support this claim with experiments on obfuscated malware logs and demonstrate the superior obfuscation robustness in comparison to detection using ngrams. Our evaluations on a large and diverse data set consisting of about 7000 malware and 500 goodware samples show an average detection rate of 98.01% and a false positive rate of 0.48%. Moreover, we show that our approach is able to detect new malware (i.e. samples from malware families not included in the training set) and that the consideration of quantities in itself significantly improves detection precision.",
author = "Tobias W{\"u}chner and Mart{\'i}n Ochoa and Alexander Pretschner",
note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 12th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2015 ; Conference date: 09-07-2015 Through 10-07-2015",
year = "2015",
doi = "10.1007/978-3-319-20550-2_6",
language = "English",
isbn = "9783319205496",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "98--118",
editor = "Federico Maggi and Magnus Almgren and Vincenzo Gulisano",
booktitle = "Detection of Intrusions and Malware, and Vulnerability Assessment - 12th International Conference, DIMVA 2015, Proceedings",
}