Deakin home > Deakin University Library > Deakin Research Online > Differentiating malware from cleanware using behavioural analysis

Differentiating malware from cleanware using behavioural analysis

Tian, Ronghua, Islam, Rafiqul, Batten, Lynn and Versteeg, Steve 2010, Differentiating malware from cleanware using behavioural analysis, in MALWARE 2010 : Proceedings of the 5th International Conference on Malicious and Unwanted Software 2010, IEEE, Piscataway, N.J., pp. 23-30.

Document type: Conference Paper
Collection: School of Information Technology
Attached Files (Some files may be inaccessible until you login with your Deakin Research Online credentials)
Name Description MIMEType Size Downloads

Title Differentiating malware from cleanware using behavioural analysis
Author(s) Tian, Ronghua
Islam, Rafiqul
Batten, Lynn
Versteeg, Steve
Conference name International Conference on Malicious and Unwanted Software (5th : 2010 : Nancy, France)
Conference location Nancy, France
Conference dates 19-20 Oct. 2010
Title of proceedings MALWARE 2010 : Proceedings of the 5th International Conference on Malicious and Unwanted Software 2010
Editor(s) [Unknown]
Publication date 2010
Conference series Malicious and Unwanted Software Conference
Start page 23
End page 30
Total pages 8
Publisher IEEE
Place of publication Piscataway, N.J.
Keyword(s) malware
strings
API
dynamic
Summary This paper proposes a scalable approach for distinguishing malicious files from clean files by investigating the behavioural features using logs of various API calls. We also propose, as an alternative to the traditional method of manually identifying malware files, an automated classification system using runtime features of malware files. For both projects, we use an automated tool running in a virtual environment to extract API call features from executables and apply pattern recognition algorithms and statistical methods to differentiate between files. Our experimental results, based on a dataset of 1368 malware and 456 cleanware files, provide an accuracy of over 97% in distinguishing malware from cleanware. Our techniques provide a similar accuracy for classifying malware into families. In both cases, our results outperform comparable previously published techniques.
ISBN 9781424493555
9781424493562
Language eng
Field of Research 080303 Computer System Security
Socio Economic Objective 890206 Internet Hosting Services (incl. Application Hosting Services)
HERDC Research category E1 Full written paper - refereed
HERDC collection year 2010
Copyright notice ©2010, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30033827
Connect to link resolver
 
Unless expressly stated otherwise, the copyright for items in Deakin Research Online is owned by the author, with all rights reserved.
Versions
Version Filter Type
Access Statistics: 163 Abstract Views, 9 File Downloads  -  Detailed Statistics
Created: Wed, 13 Apr 2011, 12:22:20 EST by Sandra Dunoon