1 research outputs found
Malicious Software Detection and Classification utilizing Temporal-Graphs of System-call Group Relations
In this work we propose a graph-based model that, utilizing relations between
groups of System-calls, distinguishes malicious from benign software samples
and classifies the detected malicious samples to one of a set of known malware
families. More precisely, given a System-call Dependency Graph (ScDG) that
depicts the malware's behavior, we first transform it to a more abstract
representation, utilizing the indexing of System-calls to a set of groups of
similar functionality, constructing thus an abstract and mutation-tolerant
graph that we call Group Relation Graph (GrG); then, we construct another graph
representation, which we call Coverage Graph (CvG), that depicts the dominating
relations between the nodes of a GrG graph. Based on the research so far in the
field, we pointed out that behavior-based graph representations had not
leveraged the aspect of the temporal evolution of the graph. Hence, the novelty
of our work is that, preserving the initial representations of GrG and CvG
graphs, we focus on augmenting the potentials of theses graphs by adding
further features that enhance its abilities on detecting and further
classifying to a known malware family an unknown malware sample. To that end,
we construct periodical instances of the graph that represent its temporal
evolution concerning its structural modifications, creating another graph
representation that we call Temporal Graphs. In this paper, we present the
theoretical background behind our approach, discuss the current technological
status on malware detection and classification and demonstrate the overall
architecture of our proposed detection and classification model alongside with
its underlying main principles and its structural key-components.Comment: 23 pages, 15 figures, 1 tabl