Malwise-an effective and efficient classification system for packed and polymorphic malware

Cesare, Silvio, Xiang, Yang and Zhou, Wanlei 2013, Malwise-an effective and efficient classification system for packed and polymorphic malware, IEEE transactions on computers, vol. 62, no. 6, pp. 1193-1206.


Title Malwise-an effective and efficient classification system for packed and polymorphic malware
Author(s) Cesare, Silvio
Xiang, Yang
Zhou, Wanlei
Journal name IEEE transactions on computers
Volume number 62
Issue number 6
Start page 1193
End page 1206
Total pages 14
Publisher IEEE
Place of publication Piscataway, N.J.
Publication date 2013
ISSN 0018-9340 (print); 1557-9956 (online)
Keyword(s) computer security; control flow; malware; structural classification; structured control flow; unpacking
Summary Signature-based malware detection systems have been a much-used response to the pervasive problem of malware. Identification of malware variants is essential to a detection system and is made possible by identifying invariant characteristics in related samples. To classify packed and polymorphic malware, this paper proposes a novel system, named Malwise, for malware classification using a fast application-level emulator to reverse the code packing transformation, and two flowgraph matching algorithms to perform classification. An exact flowgraph matching algorithm is employed that uses string-based signatures and is able to detect malware with near real-time performance. Additionally, a more effective approximate flowgraph matching algorithm is proposed that uses the decompilation technique of structuring to generate string-based signatures amenable to the string edit distance. We use real and synthetic malware to demonstrate the effectiveness and efficiency of Malwise. Using more than 15,000 real malware samples collected from honeypots, the effectiveness is validated by showing that there is an 88 percent probability that new malware is detected as a variant of existing malware. The efficiency is demonstrated on a smaller sample set of malware, where 86 percent of the samples can be classified in under 1.3 seconds.
Language eng
Field of Research 080503 Networking and Communications; 080501 Distributed and Grid Systems; 080199 Artificial Intelligence and Image Processing not elsewhere classified
Socio Economic Objective 890202 Application Tools and System Utilities
HERDC Research category C1 Refereed article in a scholarly journal
Copyright notice ©2013, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30055400

Document type: Journal Article
Collection: School of Information Technology
Citation counts: Cited 2 times in Scopus
Created: Tue, 27 Aug 2013, 12:20:49 EST