Profile hidden Markov model for malware classification — usage of system call sequence for malware classification

Title: Profile hidden Markov model for malware classification — usage of system call sequence for malware classification
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Pranamulia, R., Asnar, Y., Perdana, R. S.
Conference Name: 2017 International Conference on Data and Software Engineering (ICoDSE)
Keywords: Bioinformatics, biological informatics, DNA, DNA sequences, Grippers, Hidden Markov models, Human Behavior, invasive software, Malware, malware classification, malware files, malware technology, Metrics, Microsoft Windows, obfuscation, obfuscation technique, pattern classification, privacy, profile hidden markov model, protein sequences, proteins, pubcrawl, resilience, Resiliency, system call, system call sequence, Tools, Trojan horses
Abstract

Malware technology makes it difficult for malware analysts to detect the same malware files when they use different obfuscation techniques. In this paper we try to tackle that problem by analyzing the sequence of system calls made by an executable file. Malware files which are actually the same should have an almost identical, or at least similar, sequence of system calls. In this paper, we create a model for each malware class, each consisting of malware from different families, based on its sequence of system calls. The method/algorithm used in this paper is the profile hidden Markov model, a very well-known tool in the biological informatics field for comparing DNA and protein sequences. The malware classes we build are the trojan and worm classes. Accuracy for these classes is pretty high, above 90%, although the false positive rate is also high, around 37%.

URL: https://ieeexplore.ieee.org/document/8285885/
DOI: 10.1109/ICODSE.2017.8285885
Citation Key: pranamulia_profile_2017