Nowadays, malware is one of the serious problems facing modern society. Although signature-based malicious code detection is the standard technique in all commercial antivirus software, it can only detect a virus once it has already caused damage and its signature has been registered. It therefore fails to detect new (unknown) malware. Since most malware exhibits similar behavior, a behavior-based method can detect unknown malware. The behavior of a program can be represented by the set of APIs (application programming interfaces) it calls, so a classifier can be trained on a set of programs' API calls to build a learning model, and an intelligent malware detection system can then detect unknown malware automatically. We also have an appealing representation model for visualizing the structure of executable files, the control flow graph (CFG), which captures another semantic aspect of programs. This paper presents a robust semantic-based method for detecting unknown malware that combines this visual model (the CFG) with the called APIs. The main contribution of this paper is extracting the CFG from programs and combining it with the extracted API calls to obtain more information about executable files. This new representation model is called API-CFG. In addition, to make learning and classification fast, the control flow graphs are converted into a set of feature vectors by a nice trick. Our approach is capable of classifying unseen benign and malicious code with high accuracy. The results show a statistically significant improvement over the n-gram based detection method.
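The three views the abstract contrasts (API calls alone, CFG alone, and the combined API-CFG), as an added illustration that is not the paper's own code: the abstract does not specify how its CFGs become feature vectors, so the encoding below (counts of API-call pairs that can execute back to back along CFG edges) and the sample basic blocks are assumptions made for this example.

```python
from collections import Counter

# Constructed sample program: basic blocks, each with the API calls it makes
# (in order) and its CFG successors. Names are illustrative only.
SAMPLE_BLOCKS = {
    "b0": {"apis": ["CreateFileW"], "succ": ["b1", "b2"]},
    "b1": {"apis": ["WriteFile", "CloseHandle"], "succ": ["b3"]},
    "b2": {"apis": ["RegSetValueExW"], "succ": ["b3"]},
    "b3": {"apis": ["CreateProcessW"], "succ": ["b1"]},  # back edge: a loop
}


def api_features(blocks):
    """Behaviour-only view: how often each API is called, order ignored."""
    return Counter(api for blk in blocks.values() for api in blk["apis"])


def cfg_features(blocks):
    """Structure-only view: a few graph statistics of the CFG."""
    in_degree = Counter(s for blk in blocks.values() for s in blk["succ"])
    return {
        "nodes": len(blocks),
        "edges": sum(len(blk["succ"]) for blk in blocks.values()),
        "max_in_degree": max(in_degree.values(), default=0),
    }


def api_cfg_features(blocks):
    """Combined API-CFG view (assumed encoding): counts of API pairs that can
    execute back to back. Consecutive calls inside a block form a pair, and
    every CFG edge u->v pairs the last call of u with the first call of v.
    Blocks that make no API call are skipped here; a real system would have
    to propagate through them."""
    pairs = Counter()
    for blk in blocks.values():
        apis = blk["apis"]
        pairs.update(zip(apis, apis[1:]))  # within-block call order
        if not apis:
            continue
        for nxt in blk["succ"]:  # across CFG edges
            nxt_apis = blocks[nxt]["apis"]
            if nxt_apis:
                pairs[(apis[-1], nxt_apis[0])] += 1
    return pairs


def vectorize(blocks, vocab):
    """Fixed-length feature vector over a vocabulary of API pairs shared by
    the whole training set, so any standard classifier can consume it."""
    pairs = api_cfg_features(blocks)
    return [pairs.get(p, 0) for p in vocab]
```

Two programs that call the same set of APIs but wire them together differently get identical `api_features` yet different `api_cfg_features`, which is the extra information the combined representation is meant to expose.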