Visible to the public Comprehensive Behavior Profiling Model for Malware Classification

TitleComprehensive Behavior Profiling Model for Malware Classification
Publication TypeConference Paper
Year of Publication2018
AuthorsJiang, J., Yin, Q., Shi, Z., Li, M.
Conference Name2018 IEEE Symposium on Computers and Communications (ISCC)
Date PublishedJune 2018
ISBN Number978-1-5386-6950-1
Keywordsappropriate countermeasures, behavior profiling models, complex activities, comprehensive behavior profiling model, Computational modeling, computer network security, Computers, feature extraction, Human Behavior, invasive software, Malware, malware classification, malware classification method, malware network activities, malware variants, Metrics, network behavior based classification methods, Network behavior profiling, Network security, partial network behavior, pattern classification, Payloads, privacy, Protocols, pubcrawl, resilience, Resiliency, security, specific traffic selection, telecommunication traffic

In view of the great threat posed by malware and the rapid growing trend about malware variants, it is necessary to determine the category of new samples accurately for further analysis and taking appropriate countermeasures. The network behavior based classification methods have become more popular now. However, the behavior profiling models they used usually only depict partial network behavior of samples or require specific traffic selection in advance, which may lead to adverse effects on categorizing advanced malware with complex activities. In this paper, to overcome the shortages of traditional models, we raise a comprehensive behavior model for profiling the behavior of malware network activities. And we also propose a corresponding malware classification method which can extract and compare the major behavior of samples. The experimental and comparison results not only demonstrate our method can categorize samples accurately in both criteria, but also prove the advantage of our profiling model to two other approaches in accuracy performance, especially under scenario based criteria.

Citation Keyjiang_comprehensive_2018