
Control flow-based malware variant detection

Cesare,S, Xiang,Y and Zhou,W 2014, Control flow-based malware variant detection, IEEE transactions on dependable and secure computing, vol. 11, no. 4, pp. 304-317, doi: 10.1109/TDSC.2013.40.


Title Control flow-based malware variant detection
Author(s) Cesare,S
Xiang,Y (ORCID iD: orcid.org/0000-0001-5252-0831)
Zhou,W (ORCID iD: orcid.org/0000-0002-1680-2521)
Journal name IEEE transactions on dependable and secure computing
Volume number 11
Issue number 4
Start page 304
End page 317
Publisher IEEE
Place of publication Piscataway, NJ
Publication date 2014
ISSN 1545-5971
Keyword(s) Computer security
control flow
decompilation
malware classification
static analysis
structuring
Science & Technology
Technology
Computer Science, Hardware & Architecture
Computer Science, Information Systems
Computer Science, Software Engineering
Computer Science
EXECUTABLES
SEARCH
Summary Static detection of malware variants plays an important role in system security, and control flow has been shown to be an effective characteristic for representing polymorphic malware. In our research, we propose a similarity search over malware to detect these variants using novel distance metrics. We describe a malware signature by the set of control flowgraphs the malware contains. We use a distance metric based on the distance between feature vectors of string-based signatures. The feature vector is a decomposition of the set of graphs into either fixed-size k-subgraphs or q-gram strings of the high-level source after decompilation. We use this distance metric to perform pre-filtering. We also propose a more effective but less computationally efficient distance metric based on the minimum matching distance. The minimum matching distance uses the string edit distances between programs' decompiled flowgraphs and the linear sum assignment problem to construct a minimum-sum-weight matching between two sets of graphs. We implement the distance metrics in a complete malware variant detection system. The evaluation shows that our approach is highly effective in terms of a limited false positive rate, and our system detects more malware variants than other algorithms. © 2013 IEEE.
Language eng
DOI 10.1109/TDSC.2013.40
Field of Research 080303 Computer System Security
Socio Economic Objective 890202 Application Tools and System Utilities
HERDC Research category C1 Refereed article in a scholarly journal
ERA Research output type C Journal article
Copyright notice ©2014, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30072040

Document type: Journal Article
Collection: School of Information Technology
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Citation counts: Cited 7 times in TR Web of Science
Cited 17 times in Scopus
Access Statistics: 230 Abstract Views, 1 File Downloads
Created: Thu, 02 Apr 2015, 15:34:07 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.