Metamorphic malicious code behavior detection using probabilistic inference methods |
| |
Affiliation: | 1. Department of Computer Science, City University of Hong Kong, Hong Kong, SAR, China;2. Infocomm Security Department, Institute for Infocomm Research, Singapore;3. Department of Computing, The Hong Kong Polytechnic University, Hong Kong, SAR, China;4. PolyU Shenzhen Research Institute, China |
| |
Abstract: | Existing antivirus programs detect malicious code based on fixed signatures; therefore, they have limitations in detecting metamorphic malicious code that lacks signature information or possesses circumventing code inserted into it. Research on the methods for detecting this type of metamorphic malicious code primarily focuses on techniques that can detect code based on behavioral similarity to known malicious code. However, these techniques measure the degree of similarity with existing malicious code using API function call patterns. Therefore, they have certain disadvantages, such as low accuracy and large detection times. In this paper, we propose a method which can overcome the limitations of existing methods by using the FP-Growth algorithm, a data mining technique, and the Markov Logic Networks algorithm, a probabilistic inference method. To perform a comparative evaluation of the proposed method's malicious code behavior detection, we performed inference experiments using malicious code with an inserted code for random malicious behavior. We performed experiments to select optimal weights for each inference rule to improve our malicious code behavior inferences’ accuracy. The results of experiments, in which we performed a comparative evaluation with the General Bayesian Network, showed that the proposed method had an 8% higher classification performance. |
| |
Keywords: | Malicious code Probabilistic inference Markov logic networks Malicious behavior patterns |
本文献已被 ScienceDirect 等数据库收录! |
|