Markhor: malware detection using fuzzy similarity of system call dependency sequences

Mohammadzade Lajevardi, A ; Sharif University of Technology | 2022

  1. Type of Document: Article
  2. DOI: 10.1007/s11416-021-00383-1
  3. Publisher: Springer-Verlag Italia s.r.l, 2022
  4. Abstract:
  5. Static malware detection approaches are time-consuming and cannot deal with code obfuscation techniques. Dynamic malware detection approaches, on the other hand, address these two challenges but suffer from behavioral ambiguity, such as system call obfuscation. In this paper, we introduce Markhor, a dynamic and behavior-based malware detection approach. Markhor uses system call data dependency and system call control dependency sequences to create a weighted list of malicious patterns. The list is then used to determine the malicious processes. Next, the similarity of a file's system call sequences to a malicious pattern is extracted based on a fuzzy algorithm, and the file's nature is determined. The evaluation results reveal the efficiency of Markhor in terms of accuracy (0.982), precision (0.976), and F-measure (0.982). © 2021, The Author(s), under exclusive licence to Springer-Verlag France SAS, part of Springer Nature
  6. Keywords:
  7. Fuzzy sets ; Behavior-based ; Code obfuscation ; Data dependencies ; Evaluation results ; Fuzzy algorithms ; Fuzzy similarity ; Malware detection ; Static malware detections ; Malware
  8. Source: Journal of Computer Virology and Hacking Techniques ; Volume 18, Issue 2, 2022, Pages 81-90 ; 22638733 (ISSN)
  9. URL: https://link.springer.com/article/10.1007/s11416-021-00383-1