Enhanced Approach to Detect Malicious VBScript Files Based on Data Mining Techniques

Cited by: 3
Authors
Wael, Doaa [1 ,2 ]
Sayed, Samir G. [2 ,3 ]
AbdelBaki, Nashwa [1 ]
Affiliations
[1] Nile Univ, Giza, Egypt
[2] NTRA, EG CERT, Giza, Egypt
[3] Helwan Univ, Cairo, Egypt
Source
9TH INTERNATIONAL CONFERENCE ON EMERGING UBIQUITOUS SYSTEMS AND PERVASIVE NETWORKS (EUSPN-2018) / 8TH INTERNATIONAL CONFERENCE ON CURRENT AND FUTURE TRENDS OF INFORMATION AND COMMUNICATION TECHNOLOGIES IN HEALTHCARE (ICTH-2018) | 2018 / Vol. 141
Keywords
Malicious scripts; Malware analysis; VBScripts; Script-based malware;
DOI
10.1016/j.procs.2018.10.127
CLC number
TP301 [Theory, methods];
Discipline code
081202 ;
Abstract
Script-based malware has been used profusely in recent years. It not only provides malware writers with the traditional capabilities of file-based malware but also increases evasion by deploying different easy script obfuscation techniques. Moreover, according to the McAfee Labs Threat Report, script-based malware was used to hit the healthcare sector in 2017. Healthcare accounted for more than 26 percent of the 52 million new cyber incidents in the second quarter of 2017. In this paper, new detection features have been added to Wael et al.'s algorithm in order to improve the detection ratio and decrease the false positive results. The proposed algorithm is used to detect malicious scripts, specifically VBScript files. It is based on machine learning techniques and static analysis of the defined features. Experimental results show that the suggested algorithm can achieve a 98% detection ratio. (C) 2018 The Authors. Published by Elsevier Ltd.
Pages: 552 / 558
Page count: 7