Behavior-based Malware Detection with Quantitative Data Flow Analysis
2016
epubli (publisher)
978-3-7418-6970-9 (ISBN)
We present a novel effective, robust, and efficient concept of leveraging quantitative data flow analysis for behavior-based malware detection.
Malware remains one of the biggest IT security threats, with available detection approaches struggling to cope with a professionalized malware development industry. The increasing sophistication of today's malware and the prevalent usage of obfuscation techniques render traditional static detection approaches increasingly ineffective. This thesis contributes towards improving this situation by proposing a novel effective, robust, and efficient concept of leveraging quantitative data flow analysis for behavior-based malware detection.
We interpret system calls, issued by monitored processes, as quantifiable flows of data between system entities, such as files, sockets, or processes. We aggregate multiple flows as quantitative data flow graphs (QDFGs) that model the behavior of a system during a certain period of time. We operationalize this model for behavior-based malware detection in four different ways by either detecting patterns of known malicious behavior in QDFGs of unknown samples, or by profiling and identifying malicious behavior with graph metrics on QDFGs.
The core contribution of this thesis is the demonstration that quantitative data flow information improves detection effectiveness compared to non-quantitative analyses. We establish high detection effectiveness, obfuscation robustness, and efficiency by evaluations on a large and diverse malware and goodware data set.
| Publication date | 03.12.2016 |
|---|---|
| Language | English |
| Dimensions | 170 x 240 mm |
| Weight | 688 g |
| Subject area | Computer science ► Networks ► Security / Firewall |
| Keywords | data flow • Graph • Malware • Quantitative • WINDOWS |
| ISBN-10 | 3-7418-6970-8 / 3741869708 |
| ISBN-13 | 978-3-7418-6970-9 / 9783741869709 |
| Condition | New |