Malicious data classification using structural information and behavioral specifications in executables

Title: Malicious data classification using structural information and behavioral specifications in executables
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Kumar, S., Rama Krishna, C., Aggarwal, N., Sehgal, R., Chamotra, S.
Conference Name: Engineering and Computational Sciences (RAECS), 2014 Recent Advances in
Date Published: March
Keywords: Algorithm design and analysis, antivirus, automated malicious programs, behavioral specifications, Classification algorithms, dynamic analysis, executable file, feature extraction, Information systems, Internet, invasive software, malicious behavior extraction, malicious data classification, malicious software detection, malicious software mitigation, Malware, malware detection, malware detection system effectiveness improvement, malware detection system efficiency improvement, malwares, NtTrace, obfuscation technology, pattern classification, program diagnostics, security devices, signature database, signature-based detection system, Software, static analysis, structural information, Syntactics, system calls, threat detection, threat mitigation, underground Internet economy, zero-day malware detection

With the rise of the underground Internet economy, automated malicious programs, popularly known as malware, have become a major threat to computers and information systems connected to the Internet. Properties such as self-healing, self-hiding and the ability to deceive security devices make such software hard to detect and mitigate. The detection and mitigation of malicious software is therefore a major challenge for researchers and security personnel. Conventional systems for detecting and mitigating such threats are mostly signature based. The major drawback of such systems is their inability to detect malware samples for which no signature is available in their signature database; such malware is known as zero-day malware. Moreover, more and more malware writers use obfuscation techniques such as polymorphism, metamorphism, packing and encryption to avoid detection by antivirus software. Traditional signature-based detection is therefore neither effective nor efficient for detecting zero-day malware. Hence, to improve the effectiveness and efficiency of malware detection, we use a classification method based on structural information and behavioral specifications. In this paper we use both static and dynamic analysis. In static analysis we extract features of the executable file and then classify it. In dynamic analysis we record traces of the executable using NtTrace within a controlled environment. Experimental results indicate that the proposed algorithm is effective in extracting the malicious behavior of executables, and that it can also be used to detect malware variants.
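As an added illustration of the two feature sources the abstract names (example code written for this page, not the authors' implementation and not real NtTrace output): the structural side parses a bare-bones PE section table and scores each section's byte entropy, the usual packing/encryption indicator, while the behavioral side reduces NtTrace-like call traces to system-call bigrams and compares them to a known family by Jaccard similarity, which is also what lets a variant with a few extra calls still match. The minimal PE builder, the "NtXxx( args ) => status" line shape, the sample traces and the 7.0-bit entropy / 0.5 similarity thresholds are all constructed assumptions for this example, not values from the paper.

```python
"""Structural (static) + behavioral (dynamic) features for executable classification.
Added example, not the paper's code. Assumes a bare-bones PE layout, an NtTrace-like
trace line shape, and illustrative thresholds (see lead-in).
"""
import math
import re
import struct
from collections import Counter


# ---- structural features (static analysis) ----

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniformly random (packed/encrypted) data, far lower for code."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe_sections(image: bytes) -> list:
    """DOS header -> PE signature -> COFF header -> section table; returns (name, raw bytes)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF: Machine(2) NumberOfSections(2) ...(12) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections, opt_size = struct.unpack_from("<2xH12xH2x", image, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        hdr = image[table + 40 * i: table + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, image[raw_ptr:raw_ptr + raw_size]))
    return sections


def build_minimal_pe(sections: list) -> bytes:
    """Constructed sample input: a parseable (not loadable) PE image with the given sections."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)  # no optional header
    ptr = e_lfanew + 4 + 20 + 40 * len(sections)  # raw data follows the section table
    table, blobs = b"", b""
    for i, (name, data) in enumerate(sections):
        table += struct.pack("<8sIIII", name.encode(), len(data), 0x1000 * (i + 1), len(data), ptr)
        table += b"\0" * 16  # relocations / line numbers / characteristics: unused here
        blobs += data
        ptr += len(data)
    return dos + b"PE\0\0" + coff + table + blobs


# ---- behavioral features (dynamic analysis over NtTrace-like lines) ----

SYSCALL_RE = re.compile(r"^\s*(Nt\w+)\s*\(")  # assumed line shape: "NtXxx( args ) => status"

def syscall_sequence(trace_lines) -> list:
    return [m.group(1) for line in trace_lines if (m := SYSCALL_RE.match(line))]

def ngrams(seq, n: int = 2) -> set:
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}

def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if (a | b) else 0.0


# ---- combining both feature sources ----

def extract_features(image: bytes, trace_lines) -> dict:
    entropies = [shannon_entropy(data) for _, data in parse_pe_sections(image)]
    return {"max_section_entropy": max(entropies, default=0.0),
            "syscall_bigrams": ngrams(syscall_sequence(trace_lines))}

def classify(features: dict, known_malicious_bigrams: set,
             entropy_threshold: float = 7.0, sim_threshold: float = 0.5) -> str:
    """Behavioral match to a known family outranks packing; packing alone is only suspicious."""
    if jaccard(features["syscall_bigrams"], known_malicious_bigrams) >= sim_threshold:
        return "malicious-variant"
    if features["max_section_entropy"] >= entropy_threshold:
        return "suspicious-packed"
    return "benign"


# ---- constructed sample data (not real samples, not real NtTrace output) ----

PLAIN_CODE = b"mov eax, 1; ret\n" * 64   # low-entropy, code-like bytes
PACKED_BLOB = bytes(range(256)) * 16      # every byte value equally often: entropy 8.0
KNOWN_MALWARE_TRACE = [  # drop a file, register a Run key, spawn the dropped file
    "NtCreateFile( FileHandle=0x1c, DesiredAccess=GENERIC_WRITE, Name=updater.exe ) => 0",
    "NtWriteFile( FileHandle=0x1c, Length=0x3a00 ) => 0",
    "NtOpenKey( KeyHandle=0x20, Name=HKCU\\...\\CurrentVersion\\Run ) => 0",
    "NtSetValueKey( KeyHandle=0x20, ValueName=Updater ) => 0",
    "NtCreateProcessEx( ProcessHandle=0x24 ) => 0",
]
VARIANT_TRACE = (["NtQueryInformationProcess( ProcessHandle=-1, Class=DebugPort ) => 0"]
                 + KNOWN_MALWARE_TRACE + ["NtDelayExecution( Interval=30000 ) => 0"])
BENIGN_TRACE = [
    "NtCreateFile( FileHandle=0x30, DesiredAccess=GENERIC_READ, Name=readme.txt ) => 0",
    "NtReadFile( FileHandle=0x30, Length=0x200 ) => 0",
    "NtClose( Handle=0x30 ) => 0",
]
KNOWN_MALICIOUS_BIGRAMS = ngrams(syscall_sequence(KNOWN_MALWARE_TRACE))
VARIANT_IMAGE = build_minimal_pe([(".text", PLAIN_CODE), (".packed", PACKED_BLOB)])
BENIGN_IMAGE = build_minimal_pe([(".text", PLAIN_CODE)])

if __name__ == "__main__":
    for label, image, trace in [("variant", VARIANT_IMAGE, VARIANT_TRACE),
                                ("benign", BENIGN_IMAGE, BENIGN_TRACE)]:
        f = extract_features(image, trace)
        print(label, round(f["max_section_entropy"], 2), classify(f, KNOWN_MALICIOUS_BIGRAMS))
```

Two design points worth noting. Bigram sets are order-sensitive but tolerant of insertions, so the variant trace, which adds an anti-debugging query before and a sleep after the known sequence, still shares four of its six bigrams with the family profile (Jaccard 0.67), whereas the benign file-read trace shares none. Entropy alone is kept as a weaker signal because legitimately packed software also scores near 8 bits per byte; against real traces one would parse NtTrace's actual output grammar and replace the fixed thresholds with a trained classifier over both feature families.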

Citation Key: 6799525