Abstract
Most existing malware detection techniques detect malicious code by identifying known malicious behavior patterns. However, they have difficulty identifying new or modified malicious behaviors; consequently, new techniques that can effectively and accurately detect new malicious behaviors are crucial. This paper proposes a method that defines the malicious behaviors of malware using conceptual graphs, which describe the concepts involved and the relationships among them and thereby allow malicious behavior patterns to be inferred. The inferred patterns are then learned by a Support Vector Machine (SVM) classifier that compares behaviors against them and classifies each as either normal or malicious. The results of the experiments conducted verify that the proposed method detects malicious code more efficiently than conventional methods. In the experimental results, it exhibits a better detection rate than malicious code detection methods that rely solely on the signature-based approach. This suggests that the proposed method is not only suitable for detecting malicious code, but is also more efficient than other detection methods, as it combines the advantages of more than two malicious code detection methods.
Highlights
Advanced Persistent Threat (APT) attacks have become an issue in Information Security
Conventional approaches to countering APT attacks are of two types: network-based security solutions, and interception of spreading malware that occurs in a repetitive pattern
The stored malicious patterns are used to create Support Vector Machine (SVM) training data by matching the Conceptual Graph Interchange Format (CGIF) representations converted from normal scripts against those converted from malicious scripts, and this data is then used for SVM learning
Summary
Advanced Persistent Threat (APT) attacks have become an issue in Information Security. Conventional approaches to countering APT attacks are of two types: network-based security solutions, and interception of spreading malware that occurs in a repetitive pattern. These approaches rely on methods such as URL blacklists and signatures. Many attack methods hide malware site URLs and exploit JavaScript code. These attempts have increased gradually, leaving a variety of file types, including JavaScript, vulnerable [Elshoush and Osmank, 11], [Laskov and Srndic, 11]. Most existing malware detection techniques examine the character-string signature or the behavior pattern in order to distinguish between normal programs and malware. With these techniques, finding new malicious code or its variants is difficult.
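The pipeline the abstract and highlights describe, as an added illustration that is not the paper's own code: script behaviors are modelled as conceptual graphs (concept -relation-> concept triples), rendered in a simplified CGIF notation, expanded into behavior patterns (each relation plus two-hop chains inferred by joining triples), and used to train a linear SVM that labels an unseen graph as normal or malicious. The SVM is trained with the Pegasos sub-gradient method in plain Python, a stand-in for whatever SVM library the paper used; all graphs, concept names and relation names are constructed sample data, not taken from the paper's dataset.

```python
"""Conceptual-graph behaviour patterns as features for a linear SVM.

Added example, not the paper's code. All graphs below are constructed.
"""
from itertools import product

# Constructed sample graphs: (subject concept, relation, object concept).
NORMAL_GRAPHS = [
    [("Script", "reads", "FormField"), ("Script", "validates", "FormField"),
     ("Script", "updates", "DOMElement")],
    [("Script", "reads", "Cookie"), ("Script", "updates", "DOMElement")],
    [("Script", "requests", "JSONResource"),
     ("JSONResource", "populates", "DOMElement")],
    [("Script", "reads", "FormField"), ("Script", "requests", "JSONResource")],
]
MALICIOUS_GRAPHS = [
    [("Script", "decodes", "EncodedString"),
     ("Script", "evaluates", "EncodedString"),
     ("EncodedString", "references", "ExternalURL")],
    [("Script", "creates", "HiddenIframe"),
     ("HiddenIframe", "loads", "ExternalURL")],
    [("Script", "decodes", "EncodedString"), ("Script", "creates", "HiddenIframe")],
    [("Script", "evaluates", "EncodedString"), ("Script", "redirects", "ExternalURL")],
]


def to_cgif(graph):
    """Render a graph in simplified CGIF: one concept node per distinct
    concept, bound to a variable, followed by one relation per triple."""
    concepts = []
    for s, _, o in graph:
        for c in (s, o):
            if c not in concepts:
                concepts.append(c)
    var = {c: f"x{i}" for i, c in enumerate(concepts)}
    nodes = " ".join(f"[{c}: *{var[c]}]" for c in concepts)
    rels = " ".join(f"({r} ?{var[s]} ?{var[o]})" for s, r, o in graph)
    return f"{nodes} {rels}"


def behaviour_patterns(graph):
    """Patterns used as SVM features: each relation with its concepts, the
    bare subject-relation pair, and inferred two-hop chains a-r1->b-r2->c
    obtained by joining a triple to another whose subject is its object."""
    patterns = set()
    for s, r, o in graph:
        patterns.add(f"{s}-{r}->{o}")
        patterns.add(f"{s}-{r}")
    for t1, t2 in product(graph, repeat=2):
        (s1, r1, o1), (s2, r2, o2) = t1, t2
        if t1 != t2 and o1 == s2:
            patterns.add(f"{s1}-{r1}->{o1}-{r2}->{o2}")
    return patterns


def vectorize(graph, vocab):
    """Binary feature vector; patterns outside the training vocabulary
    are unknown behaviour and contribute nothing to the score."""
    pats = behaviour_patterns(graph)
    return [1.0 if p in pats else 0.0 for p in vocab]


def train_svm(xs, ys, lam=0.01, epochs=50):
    """Pegasos: linear SVM (no bias term) trained by deterministic
    sub-gradient steps on the hinge loss with L2 regularisation."""
    w = [0.0] * len(xs[0])
    t = 0
    for _ in range(epochs):
        for x, y in zip(xs, ys):
            t += 1
            eta = 1.0 / (lam * t)
            margin = y * sum(wi * xi for wi, xi in zip(w, x))
            w = [(1.0 - eta * lam) * wi for wi in w]  # regularisation shrink
            if margin < 1.0:  # hinge loss active: step toward this example
                w = [wi + eta * y * xi for wi, xi in zip(w, x)]
    return w


def build_detector(normal=NORMAL_GRAPHS, malicious=MALICIOUS_GRAPHS):
    """Learn the pattern vocabulary and SVM weights from labelled graphs."""
    vocab = sorted(set().union(*(behaviour_patterns(g) for g in normal + malicious)))
    xs = [vectorize(g, vocab) for g in normal + malicious]
    ys = [-1.0] * len(normal) + [1.0] * len(malicious)
    return vocab, train_svm(xs, ys)


def classify(graph, vocab, w):
    """Label a graph by the sign of the SVM decision value."""
    score = sum(wi * xi for wi, xi in zip(w, vectorize(graph, vocab)))
    return "malicious" if score > 0 else "normal"


if __name__ == "__main__":
    vocab, w = build_detector()
    # A behaviour combination not present in training, i.e. a "modified" script.
    unseen = [("Script", "creates", "HiddenIframe"),
              ("HiddenIframe", "loads", "ExternalURL"),
              ("Script", "decodes", "EncodedString")]
    print(to_cgif(unseen))
    print(classify(unseen, vocab, w))
```

The two-hop chains are what lets the classifier react to a combination of behaviors it has never seen as a whole graph: the unseen graph above shares no complete training graph, but its individual relations and the `Script-creates->HiddenIframe-loads->ExternalURL` chain all carry learned weight.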