Abstract
Malware has grown rapidly over the last few years and has become more sophisticated and more dangerous. A notable class is obfuscated malware, which is very difficult to detect. This kind of malware can create new variants that keep the features of the original malware but differ in code. Many approaches have been proposed to deal with such malware; however, some of them are ineffective because of their limited detection range, huge overheads or manual stages. Signature-based detection, for example, cannot overcome the obfuscation techniques of malware. Likewise, behavior-based methods have the inherent problems of a monitoring system, such as recovery costs and long detection times. In this paper, we propose a new method (the semantic set method) to detect metamorphic malware effectively by using the semantic set (the set of changed values of registers or of variables allocated in memory when a program is executed). This semantic set is analyzed with an n-gram separator and a Naïve Bayes classifier to increase detection accuracy and reduce detection time. The system has been tested on different datasets and achieved an accuracy of up to 98% and a detection rate of almost 100%.
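The pipeline the abstract describes (register-value changes, split into n-grams, classified with Naïve Bayes) can be sketched as follows. This is an added illustration, not the authors' implementation: the trace format, the bigram size, the multinomial model with add-one smoothing and all sample traces are assumptions made here.

```python
import math
from collections import Counter

def ngrams(trace, n=2):
    """Slide a window of n consecutive register-value changes over a trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

class NgramNaiveBayes:
    """Multinomial Naive Bayes over n-grams with add-one (Laplace) smoothing."""
    def __init__(self, n=2):
        self.n, self.counts, self.docs, self.vocab = n, {}, Counter(), set()

    def fit(self, traces, labels):
        for trace, label in zip(traces, labels):
            grams = ngrams(trace, self.n)
            self.counts.setdefault(label, Counter()).update(grams)
            self.docs[label] += 1
            self.vocab.update(grams)
        return self

    def log_scores(self, trace):
        total = sum(self.docs.values())
        scores = {}
        for label, counter in self.counts.items():
            denom = sum(counter.values()) + len(self.vocab)
            score = math.log(self.docs[label] / total)   # class prior
            for g in ngrams(trace, self.n):
                if g in self.vocab:   # n-grams never seen in training are skipped
                    score += math.log((counter[g] + 1) / denom)
            scores[label] = score
        return scores

    def predict(self, trace):
        scores = self.log_scores(trace)
        return max(scores, key=scores.get)

# Constructed traces: each item is one changed register value ("reg=hexvalue").
# MAL_B is the same value sequence as MAL_A with junk "ebx=0" writes inserted,
# standing in for a metamorphic variant.
MAL_A = ["ecx=40", "eax=5a", "ecx=3f", "eax=13", "ecx=3e", "eax=77"]
MAL_B = ["ecx=40", "ebx=0", "eax=5a", "ecx=3f", "eax=13", "ebx=0", "ecx=3e", "eax=77"]
BEN_A = ["eax=1", "ebx=2", "edx=10", "eax=3", "ebx=4", "edx=10"]
BEN_B = ["eax=1", "edx=10", "ebx=2", "eax=3", "edx=10", "ebx=4"]
# Held-out traces: a variant with junk writes in new positions, and a benign run.
UNSEEN_VARIANT = ["ecx=40", "eax=5a", "ebx=0", "ecx=3f", "eax=13", "ecx=3e", "ebx=0", "eax=77"]
UNSEEN_BENIGN = ["eax=1", "ebx=2", "eax=3", "edx=10", "ebx=4"]

MODEL = NgramNaiveBayes(n=2).fit([MAL_A, MAL_B, BEN_A, BEN_B],
                                 ["malware", "malware", "benign", "benign"])

if __name__ == "__main__":
    for name, t in [("variant", UNSEEN_VARIANT), ("benign", UNSEEN_BENIGN)]:
        print(name, MODEL.predict(t), MODEL.log_scores(t))
```

The held-out variant still shares value-change bigrams with the training variants even though its junk writes sit elsewhere, which is what lets the classifier label it without a byte-level signature.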
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Van Nhuong, N., Nhi, V.T.Y., Cam, N.T., Phu, M.X., Tan, C.D. (2014). Semantic Set Analysis for Malware Detection. In: Saeed, K., Snášel, V. (eds) Computer Information Systems and Industrial Management. CISIM 2015. Lecture Notes in Computer Science, vol 8838. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45237-0_62
DOI: https://doi.org/10.1007/978-3-662-45237-0_62
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45236-3
Online ISBN: 978-3-662-45237-0
eBook Packages: Computer Science, Computer Science (R0)