Abstract. Malware has grown rapidly over the last few years and has become increasingly sophisticated and dangerous. A striking example is obfuscated malware, which is very difficult to detect: it can produce new variants that share the original malware's features but differ in code. Many approaches have been proposed to deal with such malware, but some of them are ineffective because of their limited detection range, large overheads or manual stages. Signature-based malware detection, for example, cannot overcome malware obfuscation techniques. Likewise, behavior-based methods inherit the natural problems of a monitoring system, such as recovery costs and long detection times. In this paper, we propose a new method (the semantic set method) to detect metamorphic malware effectively by using a semantic set (the set of changed values of registers or of variables allocated in memory when a program is executed). In more detail, the semantic set is analyzed by an n-gram separator and a Naïve Bayes classifier to increase detection accuracy and reduce detection time. The system has been evaluated on different datasets, reaching an accuracy of up to 98% and a detection rate of almost 100%.
To facilitate communication among stakeholders, software security requirements are typically written in natural language and capture both positive requirements (i.e., what the system is supposed to do to ensure security) and negative requirements (i.e., undesirable behavior undermining security). In this paper, we tackle the problem of automatically generating executable security test cases from security requirements in natural language (NL). More precisely, since existing approaches for the generation of test cases from NL requirements verify only positive requirements, we focus on the problem of generating test cases from negative requirements. We propose, apply and assess Misuse Case Programming (MCP), an approach that automatically generates security test cases from misuse case specifications (i.e., use case specifications capturing the behavior of malicious users). MCP relies on natural language processing techniques to extract the concepts (e.g., inputs and activities) appearing in requirements specifications and generates executable test cases by matching the extracted concepts to the members of a provided test driver API. MCP has been evaluated in an industrial case study, which provides initial evidence of the feasibility and benefits of the approach.
Malware is a program used to disrupt computer operation, gather sensitive information or gain access to private computer systems. Existing malware detection methods work well only on some specific types of malware. For example, API/function-based methods can detect malware quickly but are unable to identify advanced transformable or unknown malware. To deal with such malware, researchers have proposed data mining methods that can recognize various types of malware. However, these methods not only require more overhead for the training and detection processes but are also still ineffective at identifying metamorphic malware. A semantic set, the set of changed values of registers and of variables allocated in memory when a program is executed, supports detecting most malware variants even when they use complicated transformation techniques, as metamorphic malware does. Nevertheless, this approach requires that the malware files be disassembled. Based on the analyzed results of these methods, we concluded that they can be combined to create a powerful malware detection system, because each method's advantages can cover the others' disadvantages. Namely, each method performs effectively on a specific range of malware, so the combined system can detect all types of malware where each method alone could not. In this paper, we propose an SSSM system (semantic set and string matching detection) that combines three methods: the API/function signature-based method, the data mining method and the semantic set method. The SSSM system has been evaluated on different datasets and achieved an accuracy of up to 99.07% and a detection rate of nearly 100%.