Bytecode Heuristic Signatures for Detecting Malware Behavior

Title: Bytecode Heuristic Signatures for Detecting Malware Behavior
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Hăjmășan, Gheorghe; Mondoc, Alexandra; Creț, Octavian
Conference Name: 2019 Conference on Next Generation Computing Applications (NextComp)
Date Published: sep
Keywords: behavior, behavior based detection, bytecode, bytecode heuristic signatures, computational complexity, Computer languages, digital signatures, hash-based signatures, heuristic, Instruction sets, invasive software, low performance overhead, malicious applications, Malware, malware behavior, malware detection, Monitoring, predictability, proactive approaches, proactive behavior heuristics, Prototypes, pubcrawl, reactive security solutions, Resiliency, response time, Scalability, security, Security Heuristics, signature, virtual machines, Virtual machining
Abstract: For a long time, the most important approach for detecting malicious applications was the use of static, hash-based signatures. This approach provides a fast response time, has a low performance overhead and is very stable due to its simplicity. However, with the rapid growth in the number of malware, as well as their increased complexity in terms of polymorphism and evasion, the era of reactive security solutions started to fade in favor of new, proactive approaches such as behavior based detection. We propose a novel approach that uses an interpreter virtual machine to run proactive behavior heuristics from bytecode signatures, thus combining the advantages of behavior based detection with those of signatures. Based on our approximation, using this approach we succeeded in reducing by 85% the time required to update a behavior based detection solution to detect new threats, while continuing to benefit from the versatility of behavior heuristics.
Citation Key: hajmasan_bytecode_2019