Authors:
Khanh-Huu-The Dam
1
and
Tayssir Touili
2
Affiliations:
1
University Paris Diderot and LIPN, France
;
2
LIPN and CNRS and University Paris 13, France
Keyword(s):
Machine Learning, Graph Kernel, Malware Detection, Static Analysis.
Abstract:
Malware detection is nowadays a big challenge. The existing techniques for malware detection require a huge effort of engineering to manually extract the malicious behaviors. To avoid this tedious task of manually discovering malicious behaviors, we propose in this paper to apply learning for malware detection.
Given a set of malwares and a set of benign programs, we show how learning techniques can be applied in order to detect malware.
For that, we use abstract API graphs to represent programs. Abstract API graphs are graphs whose nodes are API functions and whose edges represent the order of execution of the different calls to the API functions (i.e., functions supported by the operating system). To learn malware, we apply well-known learning techniques based on Random Walk Graph Kernel (combined with Support Vector Machines). We can achieve a high detection rate with only few false alarms (98.93% for detection rate with 1.24% of false alarms).
Moreover, we show that our techniqu
es are able to detect several malwares that could not be detected by well-known and widely used antiviruses such as Avira, Kaspersky, Avast, Qihoo-360, McAfee, AVG, BitDefender, ESET-NOD32, F-Secure, Symantec or Panda.
(More)