Skip to Main content Skip to Navigation
Journal articles

Extracting malicious behaviours

Abstract : In recent years, the damage cost caused by malwares is huge. Thus, malware detection is a big challenge. The task of specifying malware takes a huge amount of time and engineering effort since it currently requires the manual study of the malicious code. Thus, in order to avoid the tedious manual analysis of malicious codes, this task has to be automatised. To this aim, we propose in this work to represent malicious behaviours using extended API call graphs, where nodes correspond to API function calls, edges specify the execution order between the API functions, and edge labels indicate the dependence relation between API functions parameters. We define new static analysis techniques that allow to extract such graphs from programs, and show how to automatically extract, from a set of malicious and benign programs, an extended API call graph that represents the malicious behaviours. Finally, we show how this graph can be used for malware detection. We implemented our techniques and obtained encouraging results: 95.66% of detection rate with 0% of false alarms.
Document type :
Journal articles
Complete list of metadata

https://hal-cnrs.archives-ouvertes.fr/hal-03033842
Contributor : Tayssir Touili <>
Submitted on : Tuesday, December 1, 2020 - 3:19:32 PM
Last modification on : Thursday, December 10, 2020 - 3:26:35 AM
Long-term archiving on: : Tuesday, March 2, 2021 - 7:42:08 PM

File

journal-IJICS.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03033842, version 1

Collections

Citation

Khanh Huu The Dam, Tayssir Touili. Extracting malicious behaviours. International Journal of Information and Computer Security, Inderscience, inPress. ⟨hal-03033842⟩

Share

Metrics

Record views

20

Files downloads

13