PBDG: a malicious code detection method based on precise behaviour dependency graph

Cited by: 0
Authors
Tang, Chenghua [1 ,2 ]
Yang, Mengmeng [3 ]
Gao, Qingze [4 ]
Qiang, Baohua [4 ]
Affiliations
[1] Guilin Univ Elect Technol, Guangxi Key Lab Trusted Software, Guilin, Peoples R China
[2] Guangxi Key Lab Cryptog & Informat Secur, Guilin, Peoples R China
[3] Nanyang Technol Univ, Strateg Ctr Res Privacy Preserving Technol & Syst, Singapore, Singapore
[4] Guilin Univ Elect Technol, Guangxi Cloud Comp & Big Data Collaborat Innovat C, Guilin, Peoples R China
Funding
National Natural Science Foundation of China
Keywords
malicious code; stain file; path space; behaviour dependency graph; vulnerability detection; MALWARE DETECTION; MODEL;
DOI
10.1504/IJICS.2024.137719
Chinese Library Classification
TP [Automation technology, computer technology]
Discipline code
0812
Abstract
Using behaviour association or dependency to detect malicious code can improve the recognition rate of malicious code. A malicious code detection method based on a precise behaviour dependency graph (PBDG) is proposed. We create a stain file index by filtering the stain source blacklist, which not only saves storage space but also locates instructions quickly. An active variable path verification algorithm is proposed to verify and purify the Source -> Sink paths. The PBDG and its matching algorithm are constructed to identify the malicious code family of the source program. Experimental results on six data sets show the effectiveness of this method. The introduction of active variable paths reduces the number of paths that need to be traversed by up to 91.2%. In terms of malicious code detection, especially for web applications, the method achieves good detection accuracy and a low false positive rate.
Pages: 163-189
Page count: 28