A scalable approach for malware detection through bounded feature space behavior modeling
In recent years, malware (malicious software) has greatly evolved and has become very sophisticated. The evolution of malware makes it difficult to detect using traditional signature-based malware detectors. Thus, researchers have proposed various behavior-based malware detection techniques to mitig...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2013
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/4780 https://ink.library.smu.edu.sg/context/sis_research/article/5783/viewcontent/A_Scalable_Approach_for_Malware_Detection_ASE13.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-5783 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-57832020-01-16T10:19:08Z A scalable approach for malware detection through bounded feature space behavior modeling CHANDRAMOHAN, Mahinthan TAN, Hee Beng Kuan BRIAND, Lionel C SHAR, Lwin Khin PADMANABHUNI, Bindu Madhavi In recent years, malware (malicious software) has greatly evolved and has become very sophisticated. The evolution of malware makes it difficult to detect using traditional signature-based malware detectors. Thus, researchers have proposed various behavior-based malware detection techniques to mitigate this problem. However, there are still serious shortcomings, related to scalability and computational complexity, in existing malware behavior modeling techniques. This raises questions about the practical applicability of these techniques. This paper proposes and evaluates a bounded feature space behavior modeling (BOFM) framework for scalable malware detection. BOFM models the interactions between software (which can be malware or benign) and security-critical OS resources in a scalable manner. Information collected at run-time according to this model is then used by machine learning algorithms to learn how to accurately classify software as malware or benign. One of the key problems with simple malware behavior modeling (e.g., n-gram model) is that the number of malware features (i.e., signatures) grows proportional to the size of execution traces, with a resulting malware feature space that is so large that it makes the detection process very challenging. On the other hand, in BOFM, the malware feature space is bounded by an upper limit N, a constant, and the results of our experiments show that its computation time and memory usage are vastly lower than in currently reported, malware detection techniques, while preserving or even improving their high detection accuracy. 2013-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4780 info:doi/10.1109/ASE.2013.6693090 https://ink.library.smu.edu.sg/context/sis_research/article/5783/viewcontent/A_Scalable_Approach_for_Malware_Detection_ASE13.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Malware detection Malware behavior modeling Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Malware detection Malware behavior modeling Software Engineering |
| spellingShingle |
Malware detection Malware behavior modeling Software Engineering CHANDRAMOHAN, Mahinthan TAN, Hee Beng Kuan BRIAND, Lionel C SHAR, Lwin Khin PADMANABHUNI, Bindu Madhavi A scalable approach for malware detection through bounded feature space behavior modeling |
| description |
In recent years, malware (malicious software) has greatly evolved and has become very sophisticated. The evolution of malware makes it difficult to detect using traditional signature-based malware detectors. Thus, researchers have proposed various behavior-based malware detection techniques to mitigate this problem. However, there are still serious shortcomings, related to scalability and computational complexity, in existing malware behavior modeling techniques. This raises questions about the practical applicability of these techniques. This paper proposes and evaluates a bounded feature space behavior modeling (BOFM) framework for scalable malware detection. BOFM models the interactions between software (which can be malware or benign) and security-critical OS resources in a scalable manner. Information collected at run-time according to this model is then used by machine learning algorithms to learn how to accurately classify software as malware or benign. One of the key problems with simple malware behavior modeling (e.g., n-gram model) is that the number of malware features (i.e., signatures) grows proportional to the size of execution traces, with a resulting malware feature space that is so large that it makes the detection process very challenging. On the other hand, in BOFM, the malware feature space is bounded by an upper limit N, a constant, and the results of our experiments show that its computation time and memory usage are vastly lower than in currently reported, malware detection techniques, while preserving or even improving their high detection accuracy. |
| format |
text |
| author |
CHANDRAMOHAN, Mahinthan TAN, Hee Beng Kuan BRIAND, Lionel C SHAR, Lwin Khin PADMANABHUNI, Bindu Madhavi |
| author_facet |
CHANDRAMOHAN, Mahinthan TAN, Hee Beng Kuan BRIAND, Lionel C SHAR, Lwin Khin PADMANABHUNI, Bindu Madhavi |
| author_sort |
CHANDRAMOHAN, Mahinthan |
| title |
A scalable approach for malware detection through bounded feature space behavior modeling |
| title_short |
A scalable approach for malware detection through bounded feature space behavior modeling |
| title_full |
A scalable approach for malware detection through bounded feature space behavior modeling |
| title_fullStr |
A scalable approach for malware detection through bounded feature space behavior modeling |
| title_full_unstemmed |
A scalable approach for malware detection through bounded feature space behavior modeling |
| title_sort |
scalable approach for malware detection through bounded feature space behavior modeling |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2013 |
| url |
https://ink.library.smu.edu.sg/sis_research/4780 https://ink.library.smu.edu.sg/context/sis_research/article/5783/viewcontent/A_Scalable_Approach_for_Malware_Detection_ASE13.pdf |
| _version_ |
1770575029132591104 |