Proceedings of the 16th International Conference on Computer Systems and Technologies 2015
DOI: 10.1145/2812428.2812432

A graph-based model for malicious code detection exploiting dependencies of system-call groups

Abstract: In this paper we present an elaborated graph-based algorithmic technique for efficient malware detection. More precisely, we utilize the system-call dependency graphs (or, for short ScD graphs), obtained by capturing taint analysis traces and a set of various similarity metrics in order to detect whether an unknown test sample is a malicious or a benign one. For the sake of generalization, we decide to empower our model against strong mutations by applying our detection technique on a weighted directed graph r…

Cited by 11 publications
(3 citation statements)
References 14 publications
“…This work uses the PageRank algorithm to calculate the weights of the graph edges and the Hamming distance weighted by the weights. Other works that use system calls graphs can be seen in [3], [4].…”
Section: Related Work (mentioning)
confidence: 99%
“…In our analysis and simulation of the different techniques, we have observed that the number of STIDE sequences is greater than the number of system calls and graph edges, being STIDE the technique with the greatest time complexity. Therefore, the complexity of the detection stage (CD) will be similar to C1 as defined in (4). CD = (n) (4) The complexity of the second stage is a function of the combination module, which is related to the number of components of the input vector.…”
Section: Combination Module (mentioning)
confidence: 99%