Behavior Based Malware Detection Quantitative (2 results)

Buch. Condition: Neu. Druck auf Anfrage Neuware - Printed after ordering - Malware remains one of the biggest IT security threats, with available detection approaches struggling to cope with a professionalized malware development industry. The increasing sophistication of today's malware and the prevalent usage of obfuscation techniques renders traditional static detection approaches increasingly ineffective. This thesis contributes towards improving this situation by proposing a novel effective, robust, and efficient concept of leveraging quantitative data flow analysis for behavior-based malware detection. We interpret system calls, issued by monitored processes, as quantifiable flows of data between system entities, such as files, sockets, or processes. We aggregate multiple flows as quantitative data flow graphs (QDFGs) that model the behavior of a system during a certain period of time. We operationalize this model for behavior-based malware detection in four different ways by either detecting patterns of known malicious behavior in QDFGs of unknown samples, or by profiling and identifying malicious behavior with graph metrics on QDFGs. The core contribution of this thesis is the demonstration that quantitative data flow information improves detection effectiveness compared to non-quantitative analyses. We establish high detection effectiveness, obfuscation robustness, and efficiency by evaluations on a large and diverse malware and goodware data set.

Buch. Condition: Neu. This item is printed on demand - it takes 3-4 days longer - Neuware -Malware remains one of the biggest IT security threats, with available detection approaches struggling to cope with a professionalized malware development industry. The increasing sophistication of today's malware and the prevalent usage of obfuscation techniques renders traditional static detection approaches increasingly ineffective. This thesis contributes towards improving this situation by proposing a novel effective, robust, and efficient concept of leveraging quantitative data flow analysis for behavior-based malware detection. We interpret system calls, issued by monitored processes, as quantifiable flows of data between system entities, such as files, sockets, or processes. We aggregate multiple flows as quantitative data flow graphs (QDFGs) that model the behavior of a system during a certain period of time. We operationalize this model for behavior-based malware detection in four different ways by either detecting patterns of known malicious behavior in QDFGs of unknown samples, or by profiling and identifying malicious behavior with graph metrics on QDFGs. The core contribution of this thesis is the demonstration that quantitative data flow information improves detection effectiveness compared to non-quantitative analyses. We establish high detection effectiveness, obfuscation robustness, and efficiency by evaluations on a large and diverse malware and goodware data set. 236 pp. Englisch.