Mathematical Problems in Engineering
Volume 2015, Article ID 769624, 20 pages
http://dx.doi.org/10.1155/2015/769624
Research Article

Mal-Netminer: Malware Classification Approach Based on Social Network Analysis of System Call Graph

1Graduate School of Information Security, Korea University, Seoul 136-713, Republic of Korea
2Computer Science and Engineering Department, State University of New York at Buffalo (SUNY Buffalo), Buffalo, NY 14260-2500, USA

Received 19 May 2015; Accepted 3 August 2015

Academic Editor: Michael Small

Copyright © 2015 Jae-wook Jang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
