Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
11-2013
Abstract
In recent years, malware (malicious software) has greatly evolved and has become very sophisticated. The evolution of malware makes it difficult to detect using traditional signature-based malware detectors. Thus, researchers have proposed various behavior-based malware detection techniques to mitigate this problem. However, there are still serious shortcomings, related to scalability and computational complexity, in existing malware behavior modeling techniques. This raises questions about the practical applicability of these techniques. This paper proposes and evaluates a bounded feature space behavior modeling (BOFM) framework for scalable malware detection. BOFM models the interactions between software (which can be malware or benign) and security-critical OS resources in a scalable manner. Information collected at run-time according to this model is then used by machine learning algorithms to learn how to accurately classify software as malware or benign. One of the key problems with simple malware behavior modeling (e.g., n-gram model) is that the number of malware features (i.e., signatures) grows proportional to the size of execution traces, with a resulting malware feature space that is so large that it makes the detection process very challenging. On the other hand, in BOFM, the malware feature space is bounded by an upper limit N, a constant, and the results of our experiments show that its computation time and memory usage are vastly lower than in currently reported, malware detection techniques, while preserving or even improving their high detection accuracy.
Keywords
Malware detection, Malware behavior modeling
Discipline
Software Engineering
Research Areas
Cybersecurity
Publication
Proceedings of the 2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE), Silicon Valley, USA, November 11-15
First Page
1
Last Page
11
ISBN
9781479902156
Identifier
10.1109/ASE.2013.6693090
Publisher
IEEE
City or Country
USA
Citation
CHANDRAMOHAN, Mahinthan; TAN, Hee Beng Kuan; BRIAND, Lionel C; SHAR, Lwin Khin; and PADMANABHUNI, Bindu Madhavi.
A scalable approach for malware detection through bounded feature space behavior modeling. (2013). Proceedings of the 2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE), Silicon Valley, USA, November 11-15. 1-11.
Available at: https://ink.library.smu.edu.sg/sis_research/4780
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/ASE.2013.6693090