A Semantic-based Malware Behavior Feature Extracting System
Feature-based detection is currently the most widely used approach to preventing malware, and its detection capability depends on the method used to extract features and on how well those features describe malicious behavior. Current extraction and matching methods are susceptible to obfuscation techniques and cannot cope with the variants that are emerging rapidly. This paper implements a semantics-based malware feature extraction system. Through dynamic analysis, the system extracts the critical behaviors of malware and the dependencies between them, and then adjusts the features to resist obfuscation by taking semantic irrelevancy and semantic equivalency into account, thereby improving the descriptive capability of the malware features. The paper also designs a corresponding detection method to test these features. The results show that the proposed method improves resistance to obfuscation and can adapt to malware variants.
malware feature extraction; dynamic taint analysis; behavior dependency; semantic analysis
Wang Rui, Nie Chu-Jiang, Su Pu-Rui, Feng Deng-Guo
State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China
International conference
Chengdu
English
771-775
2010-12-17 (date first posted on the Wanfang platform; does not represent the paper's publication date)