Using a Subtractive Center Behavioral Model to Detect Malware

<table class="table-group" id="tab6"><tr><td><table class="table"><tr><td class="thead-hr" colspan="4"><hr/></td></tr><tr class="thead"><td class="align_left">No</td><td class="align_center">Risk IDs</td><td class="align_center">Features</td><td class="align_center">Related sources</td></tr><tr><td class="thead-hr" colspan="4"><hr/></td></tr><tr><td class="align_left">1</td><td class="align_center">I12, A</td><td class="align_center">{CreateFileSF}</td><td class="align_center">“c:\windows\...\sfile1.exe”</td></tr><tr><td class="align_left">2</td><td class="align_center">I12, A</td><td class="align_center">{WriteFileSF }</td><td class="align_center">“c:\windows\...\sfile1.exe”</td></tr><tr><td class="align_left">3</td><td class="align_center">I12, I12, A, P</td><td class="align_center">{WriteFileSF, ReadFileSF}</td><td class="align_center">“c:\windows\...\sfile1.exe” “c:\windows\...\sfile1.exe”</td></tr><tr><td class="align_left">4</td><td class="align_center">I12, I22, P, A</td><td class="align_center">{ReadFileSF, WriteFileTP}</td><td class="align_center">“c:\windows\...\sfile1.exe” “c:\programfiles\...\tfile2.exe”</td></tr><tr><td class="align_left">5</td><td class="align_center">I22, P</td><td class="align_center">{SearchDirectoryTP}</td><td class="align_center">“c:\programfiles\...\”</td></tr><tr><td class="align_left">6</td><td class="align_center">I22, I22, P, P</td><td class="align_center">{SearchDirectoryTP, ReadFileTP}</td><td class="align_center">“c:\programfiles\...\” “c:\programfiles\...\tfile1.txt”</td></tr><tr><td class="align_left">7</td><td class="align_center">I21, I22, P, P</td><td class="align_center">{SearchDirectoryTP, ReadFileTP}</td><td class="align_center">“c:\programfiles\...\” “c:\programfiles\...\tfile2.exe”</td></tr><tr><td class="align_left">8</td><td class="align_center">I22, I22, A, A</td><td class="align_center">{WriteFileTP, SetValueTP}</td><td class="align_center">“c:\programFiles\...\tfile2.exe” “hklm\Software\...\...\key1”</td></tr><tr><td class="align_left">9</td><td class="align_center">I31, P</td><td class="align_center">{ReadFileST}</td><td class="align_center">“c:\windows\...\stfile1.dll” “c:\windows\...\stfile2.dll”</td></tr><tr class="table-tr"><td colspan="4"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

Security and Communication Networks

tab6

Table 6

Table 6: Using a Subtractive Center Behavioral Model to Detect Malware 