Openly accessible

Differentiating malware from cleanware using behavioural analysis

Tian, Ronghua, Islam, Rafiqul, Batten, Lynn and Versteeg, Steve 2010, Differentiating malware from cleanware using behavioural analysis, in MALWARE 2010 : Proceedings of the 5th International Conference on Malicious and Unwanted Software 2010, IEEE, Piscataway, N.J., pp. 23-30.

Attached Files
Name: islam-differentiatingmalware-2010.pdf
Description: Published version
MIME type: application/pdf
Size: 887.62KB
Downloads: 22

Title: Differentiating malware from cleanware using behavioural analysis
Author(s): Tian, Ronghua; Islam, Rafiqul; Batten, Lynn; Versteeg, Steve
Conference name: International Conference on Malicious and Unwanted Software (5th : 2010 : Nancy, France)
Conference location: Nancy, France
Conference dates: 19-20 Oct. 2010
Title of proceedings: MALWARE 2010 : Proceedings of the 5th International Conference on Malicious and Unwanted Software 2010
Editor(s): [Unknown]
Publication date: 2010
Conference series: Malicious and Unwanted Software Conference
Start page: 23
End page: 30
Total pages: 8
Publisher: IEEE
Place of publication: Piscataway, N.J.
Keyword(s): malware; strings; API; dynamic
Summary: This paper proposes a scalable approach for distinguishing malicious files from clean files by investigating the behavioural features using logs of various API calls. We also propose, as an alternative to the traditional method of manually identifying malware files, an automated classification system using runtime features of malware files. For both projects, we use an automated tool running in a virtual environment to extract API call features from executables and apply pattern recognition algorithms and statistical methods to differentiate between files. Our experimental results, based on a dataset of 1368 malware and 456 cleanware files, provide an accuracy of over 97% in distinguishing malware from cleanware. Our techniques provide a similar accuracy for classifying malware into families. In both cases, our results outperform comparable previously published techniques.
ISBN: 1424493552; 9781424493555
Language: eng
Field of Research: 080303 Computer System Security
Socio Economic Objective: 890206 Internet Hosting Services (incl. Application Hosting Services)
HERDC Research category: E1 Full written paper - refereed
HERDC collection year: 2010
Copyright notice: ©2010, Institute of Electrical and Electronics Engineers (IEEE)
Persistent URL: http://hdl.handle.net/10536/DRO/DU:30033827

Document type: Conference Paper
Collections: School of Information Technology; Open Access Collection
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.

Access Statistics: 214 Abstract Views, 28 File Downloads
Created: Wed, 13 Apr 2011, 12:22:20 EST by Sandra Dunoon
