A Novel Malware Classification Method Based on Crucial Behavior
Published in | Mathematical problems in engineering Vol. 2020; no. 2020; pp. 1 - 12 |
---|---|
Main Authors | , , , , |
Format | Journal Article |
Language | English |
Published | Cairo, Egypt; Hindawi Publishing Corporation; 2020; Hindawi; Hindawi Limited |
Summary: | Recently, some graph-based methods have been proposed for malware detection. However, current malware is generally characterized by sophisticated behaviors, which makes graph-based malware detection extremely challenging. To address this issue, we propose a graph repartition algorithm by transforming API call graphs into fragment behaviors based on programs’ dynamic execution traces. The proposed algorithm relies on the N-order subgraph (NSG) for constructing the appropriate fragment behavior. Moreover, we improve the term frequency-inverse document frequency- (TF-IDF-) like measure and information gain (IG) to extract the crucial N-order subgraph (CNSG). This novel behavioral representation and improved extraction method can accurately represent crucial behaviors of malware. Experiments on 4,400 samples demonstrate that the proposed method achieves a high accuracy of 99.75% in malware detection and promising performance of 95.27% in malware classification. |
---|---|
ISSN: | 1024-123X 1563-5147 |
DOI: | 10.1155/2020/6804290 |