Graph theoretical method for quickly and accurately detecting zero-day malicious software

A malware-detection technology based on graph theory, applied in the computer field, that achieves low overhead

Inactive Publication Date: 2017-11-03
DONGGUAN UNIV OF TECH

AI Technical Summary

Problems solved by technology

Sequence-based approaches are efficient, but are vulnerable to obfuscation like garbage insertion and reordering

Embodiment Construction

[0022] The present invention will be described in further detail below in conjunction with the accompanying drawings and specific embodiments.

[0023] This embodiment uses a behavioral graph called an API call graph (or, in Linux terminology, a system call graph) [5]. Given the sequence of API calls made by a program, each unique API call is represented by a vertex, and an edge exists between vertices v1 and v2 if and only if the sequence of API calls contains v1 followed by v2 as a subsequence. Our key insight is that the API call graphs of benign software and malware have different graph-theoretic properties, and that these properties can be exploited to distinguish benign software from malware. To illustrate this insight, Figures 1-4 show the time-series and radial layouts of API call graphs for benign software and malware, respectively. We visually observe distinct patterns for benign software and malware in both the time-series and the radial layouts. In Figures 1 and 2, in the time series of both benign and mal...

Abstract

The invention discloses MalZero, a graph theoretical method for quickly and accurately detecting zero-day malicious software. The method extracts features from API call graphs to build a classifier model: benign software and malicious software have different graph-theoretic properties in their respective API call graphs, so the graph-theoretic features extracted from those graphs can distinguish malicious software from benign software both effectively and efficiently. The method involves three modules: a graph construction module, a feature extraction module and a graph classification module. With MalZero, malicious software can be detected quickly and accurately on a terminal host with high efficiency in both storage space and detection time, and because of its low overhead MalZero can supplement an existing malicious software detection scheme on the terminal host.
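As an added illustration of the three modules the abstract names (graph construction, feature extraction and graph classification) and of the call-graph definition given in the embodiment above, the following Python is not the patent's code. Its API call traces are constructed for the example, its edge rule (one directed edge for each consecutive pair of calls in a trace) and its four size-normalised features are assumptions, and the nearest-centroid classifier is a stand-in for whatever classifier model the method trains.

```python
"""Added example (not from the patent): build an API call graph from a call
trace, extract graph-theoretic features, and classify with a toy model.
Traces, API names, the edge rule and the feature set are all assumptions."""
from collections import Counter
from math import sqrt
from typing import Dict, List, Set, Tuple

Graph = Tuple[Set[str], Set[Tuple[str, str]]]


def build_api_call_graph(trace: List[str]) -> Graph:
    """Graph construction module: one vertex per unique API name and a
    directed edge (a, b) whenever call a is immediately followed by call b.
    (Assumption: the patent's subsequence rule is read as adjacency.)"""
    vertices = set(trace)
    edges = {(a, b) for a, b in zip(trace, trace[1:])}
    return vertices, edges


def graph_features(graph: Graph) -> List[float]:
    """Feature extraction module: graph-theoretic features normalised by
    graph size so that long and short traces stay comparable."""
    vertices, edges = graph
    n, m = len(vertices), len(edges)
    if n == 0:
        return [0.0, 0.0, 0.0, 0.0]
    out_degree = Counter(a for a, _ in edges)
    max_out = max(out_degree.values(), default=0)
    self_loops = sum(1 for a, b in edges if a == b)
    return [
        m / (n * n),     # edge density of a directed graph with self-loops
        m / n,           # average out-degree
        max_out / n,     # how hub-like the most-branching API is
        self_loops / n,  # share of APIs that repeat themselves back to back
    ]


def _centroid(vectors: List[List[float]]) -> List[float]:
    return [sum(v[i] for v in vectors) / len(vectors) for i in range(len(vectors[0]))]


def _distance(a: List[float], b: List[float]) -> float:
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class NearestCentroidClassifier:
    """Graph classification module: a deliberately simple model that labels a
    feature vector with the class whose mean feature vector is closest."""

    def __init__(self) -> None:
        self.centroids: Dict[str, List[float]] = {}

    def fit(self, labelled: Dict[str, List[List[str]]]) -> "NearestCentroidClassifier":
        for label, traces in labelled.items():
            vectors = [graph_features(build_api_call_graph(t)) for t in traces]
            self.centroids[label] = _centroid(vectors)
        return self

    def predict(self, trace: List[str]) -> str:
        f = graph_features(build_api_call_graph(trace))
        return min(self.centroids, key=lambda label: _distance(f, self.centroids[label]))


# Constructed training traces (not real samples): the benign ones walk a plain
# open/read/write/close cycle; the "malicious" ones loop on one call and branch
# out from a single hub API, giving a visibly different graph shape.
TRAINING: Dict[str, List[List[str]]] = {
    "benign": [
        ["CreateFile", "ReadFile", "WriteFile", "CloseHandle",
         "CreateFile", "ReadFile", "WriteFile", "CloseHandle"],
        ["CreateFile", "ReadFile", "CloseHandle",
         "CreateFile", "ReadFile", "CloseHandle"],
    ],
    "malicious": [
        ["Sleep", "Sleep", "Sleep", "GetTickCount", "Sleep",
         "GetTickCount", "RegSetValueEx", "Sleep"],
        ["GetProcAddress", "GetProcAddress", "VirtualAlloc", "GetProcAddress",
         "VirtualProtect", "GetProcAddress", "GetProcAddress", "CreateThread"],
    ],
}


def classify(trace: List[str]) -> str:
    """Run all three modules end to end on one trace."""
    return NearestCentroidClassifier().fit(TRAINING).predict(trace)


if __name__ == "__main__":
    for t in (["CreateFile", "ReadFile", "WriteFile", "CloseHandle"],
              ["Sleep", "Sleep", "Sleep", "Sleep", "GetTickCount", "Sleep"]):
        print(classify(t), graph_features(build_api_call_graph(t)))
```

The features are normalised by vertex count on purpose: raw vertex and edge counts grow with trace length and would let a long benign trace look "bigger" than a short malicious one, which is exactly the kind of size effect a graph-shape classifier should ignore.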

Description

Technical field

[0001] The invention relates to the field of computers, in particular to a graph theory method for quickly and accurately detecting zero-day malware.

Background technique

[0002] According to the threat report released by "PandaLabs", an average of 73,000 new types of malicious attack programs are released every day [1]. A recent research report on vulnerability databases shows that about 90% of software vulnerabilities are exploited by malware at the time of release [19]. Malware detection is difficult because signatures of new (or previously unknown) malware are not available at the time the malware starts. Malware detection has to focus on end hosts because network-based security appliances, such as firewalls and intrusion detection and prevention systems, rely primarily on malware signatures, and signature-based detection methods can hardly detect new malware. Existing antivirus software available on end hosts relies on signature-based malware detectio...

Claims

Application Information

Patent Timeline
Patent Type & Authority Applications(China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventor 刘向阳
Owner DONGGUAN UNIV OF TECH