Thursday 18th of January 2018

Semantic Malware Detection by Deploying Graph Mining

Fatemeh Karbalaie, Ashkan Sami and Mansour Ahmadi

Today malware is a serious threat to our society. Several researchers are studying detection and mitigation of malware threats. On the other hand malware authors try to use obfuscation techniques for evading detection. Unfortunately usual approach (e.g., antivirus software) use signature based method which can easily be evaded. For addressing these shortcomings dynamic methods have been introduced. The aim of dynamic methods is to detect the semantic of malware family. Obfuscation of semantic based method is too difficult and results of these methods are promising. However deploying semantic based methods for real time detection have several complications. Current semantic methods are too time-consuming and usually need a robust virtual machine to obtain the behavior. In this paper we present an automatic detection method based on graph mining techniques with near optimal detection rate. That is 96.6% accuracy and only 3.4% false positive. In our method, first the malware is analyzed in a virtual machine environment to observe its semantic. A graph representation of malware behavior is constructed. The representation is based on relationships between system calls and allows rearrangement of system calls. Graph is used for representing the behavior of application because graph, especially labeled graph, can be used to model lots of complicated relation between data. At the next step we mine information graph and extract the most discriminative graphs that separate malware from benign. Finally, a classification method is used and the mentioned accuracy was obtained.

Keywords: Semantic, Malware Detection, System call, frequent sub graph, labeled graph, subgraph isomorphism

Download Full-Text


Fatemeh Karbalaie
Fatemeh Karbalaie has obtained her B.S degree in Computer Science in 2007 at Isfahan Payamenoor University. Since 2009, she is a master student of Computer Engineering at Shiraz University. Her research interests include security and data mining.

Ashkan Sami
Dr. Ashkan Sami has obtained his B.S. from Virginia Tech; Blacksburg, VA; U.S.A., M.S. from Shiraz University; Iran and Ph.D. from Tohoku University; Japan. He is interested in Data Mining, Software Quality and Security. Ashkan has been a member of technical committee of several international conferences like PAKDD, ADMA, HumanCon, and Future Tech and has more than 40 conference paper and nearly 10 journal papers. He is an associate member of IEEE and was among the founding members of Shiraz University CERT.

Mansour Ahmadi
Mansour Ahmadi has obtained his B.S. in Applied Mathematics from Sistan Baloochestan University; Iran and his M.S in software engineering from Islamic Azad university, Arak. He Worked on malware detection as his M.S. thesis under supervision of Dr. Sami and is currently a researcher in Shiraz University CERT.

IJCSI Published Papers Indexed By:





IJCSI is a refereed open access international journal for scientific papers dealing in all areas of computer science research...

Learn more »
Join Us

Read the most frequently asked questions about IJCSI.

Frequently Asked Questions (FAQs) »
Get in touch

Phone: +230 911 5482

More contact details »