PBDG: a malicious code detection method based on precise behaviour dependency graph

Times cited: 0
Authors
Tang, Chenghua [1, 2]
Yang, Mengmeng [3]
Gao, Qingze [4]
Qiang, Baohua [4]
Affiliations
[1] Guilin Univ Elect Technol, Guangxi Key Lab Trusted Software, Guilin, Peoples R China
[2] Guangxi Key Lab Cryptog & Informat Secur, Guilin, Peoples R China
[3] Nanyang Technol Univ, Strateg Ctr Res Privacy Preserving Technol & Syst, Singapore, Singapore
[4] Guilin Univ Elect Technol, Guangxi Cloud Comp & Big Data Collaborat Innovat C, Guilin, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
malicious code; stain file; path space; behaviour dependency graph; vulnerability detection; MALWARE DETECTION; MODEL;
DOI
10.1504/IJICS.2024.137719
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Using behaviour association or dependency to detect malicious code can improve the recognition rate of malicious code. A malicious code detection method based on precise behaviour dependency graph (PBDG) is proposed. We create a stain file index by filtering the stain source blacklist, which not only saves storage space, but also quickly locates instructions. An active variable path verification algorithm is proposed to verify and purify the Source -> Sink path. The PBDG and its matching algorithm are constructed to identify the malicious code family of the source program. The experimental results on six data sets show the effectiveness of this method. The introduction of active variable paths reduces the number of paths that need to be traversed by 91.2% at most. In terms of the detection effect of malicious code, especially for web applications, it has a good detection accuracy and a low false positive rate.
Pages: 163 / 189
Number of pages: 28