Control flow-based malware variant detection

Cesare,S, Xiang,Y and Zhou,W 2014, Control flow-based malware variant detection, IEEE transactions on dependable and secure computing, vol. 11, no. 4, pp. 304-317, doi: 10.1109/TDSC.2013.40.


Title Control flow-based malware variant detection
Author(s) Cesare, S
Xiang, Y
Zhou, W
Journal name IEEE transactions on dependable and secure computing
Volume number 11
Issue number 4
Start page 304
End page 317
Publisher IEEE
Place of publication Piscataway, NJ
Publication date 2014
ISSN 1545-5971
Keyword(s) Computer security
control flow
malware classification
static analysis
Science & Technology
Computer Science, Hardware & Architecture
Computer Science, Information Systems
Computer Science, Software Engineering
Computer Science
Summary Static detection of malware variants plays an important role in system security, and control flow has been shown to be an effective characteristic for representing polymorphic malware. In our research, we propose a similarity search over malware to detect these variants using novel distance metrics. We describe a malware signature by the set of control flowgraphs the malware contains. We use a distance metric based on the distance between feature vectors of string-based signatures. The feature vector is a decomposition of the set of graphs into either fixed-size k-subgraphs or q-gram strings of the high-level source after decompilation. We use this distance metric to perform pre-filtering. We also propose a more effective but less computationally efficient distance metric based on the minimum matching distance. The minimum matching distance uses the string edit distances between programs' decompiled flowgraphs and the linear sum assignment problem to construct a minimum-sum-weight matching between two sets of graphs. We implement the distance metrics in a complete malware variant detection system. The evaluation shows that our approach is highly effective in terms of a limited false positive rate, and our system detects more malware variants than other algorithms. © 2013 IEEE.
Language eng
DOI 10.1109/TDSC.2013.40
Field of Research 080303 Computer System Security
Socio Economic Objective 890202 Application Tools and System Utilities
HERDC Research category C1 Refereed article in a scholarly journal
ERA Research output type C Journal article
Copyright notice ©2014, IEEE

Document type: Journal Article
Collections: School of Information Technology
2018 ERA Submission

Citation counts: Cited 13 times in TR Web of Science; cited 26 times in Scopus
Created: Thu, 02 Apr 2015, 15:34:07 EST
