A behavior based malware detection scheme for avoiding false positive

Yoshiro Fukushima, Akihiro Sakai, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

23 Citations (Scopus)

Abstract

The number of malware samples is increasing rapidly, and much malware uses stealth techniques such as encryption to evade the pattern-matching detection performed by anti-virus software. To address this problem, behavior-based detection methods, which focus on the malicious behaviors of malware, have been researched. Although they can detect unknown and encrypted malware, they suffer from a serious problem: false positives on benign programs. For example, creating files and then executing them is a common malware behavior, but benign programs frequently do the same, which causes false positives. In this paper, we propose a malware detection method based on evaluating suspicious process behaviors on Windows. To avoid false positives, our proposal considers not only malware-specific behaviors but also normal behaviors that malware would usually not perform. Moreover, we implement a prototype of our proposal to analyze program behaviors effectively. Evaluation experiments on our malware and benign-program datasets show a detection rate of about 60% with no false positives. Furthermore, we compare our proposal with a completely behavior-based anti-virus product; the results show that our proposal places little burden on users and reduces false positives.
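The abstract's central idea is that scoring only malware-like behaviors produces false positives on benign software that happens to share them (an installer also drops and executes files), and that counting behaviors malware usually avoids pulls such programs back below the alarm threshold. The following is an added illustration of that scoring idea, not the paper's implementation or feature set: the indicator names, weights, threshold and the per-process behavior traces are all assumptions constructed for this example.

```python
"""Toy two-sided behavior scorer illustrating the idea in the abstract.

Suspicious behaviors add to a process score; benign behaviors that malware
rarely performs subtract from it. Indicator names, weights, the threshold and
the sample traces are assumptions made for this example, not the paper's.
"""

# Assumed malware-like behaviors (positive weights).
SUSPICIOUS = {
    "drop_and_execute": 3,        # writes a file, then runs it
    "autorun_registry": 2,        # adds itself to a Run key
    "inject_remote_thread": 4,    # injects code into another process
    "disable_security_tool": 4,   # stops or disables AV / firewall
}

# Assumed behaviors typical of legitimate software (negative weights).
BENIGN = {
    "shows_window": -2,           # has a visible UI
    "user_interaction": -2,       # waits for clicks / keyboard input
    "writes_user_document": -1,   # saves data the user asked for
    "uninstall_entry": -2,        # registers an uninstaller
}

THRESHOLD = 5  # assumed alarm threshold


def score_suspicious_only(events):
    """Naive behavior-based score: malware-like behaviors only."""
    return sum(SUSPICIOUS.get(e, 0) for e in events)


def score(events):
    """Two-sided score: suspicious behaviors minus benign evidence."""
    return sum(SUSPICIOUS.get(e, 0) + BENIGN.get(e, 0) for e in events)


def classify(events, scorer=score):
    return "malicious" if scorer(events) >= THRESHOLD else "benign"


# Constructed behavior traces (one list of observed behaviors per process).
TRACES = {
    # A legitimate installer shares two malware-like behaviors ...
    "installer": ["drop_and_execute", "autorun_registry",
                  "shows_window", "user_interaction", "uninstall_entry"],
    # ... while a dropper shows no benign evidence at all.
    "dropper": ["drop_and_execute", "autorun_registry", "inject_remote_thread"],
    "text_editor": ["shows_window", "user_interaction", "writes_user_document"],
    # A low-activity sample that the scheme misses (the detection-rate cost).
    "quiet_sample": ["drop_and_execute"],
}


def compare_schemes():
    """Return {name: (suspicious-only verdict, two-sided verdict)}."""
    return {
        name: (classify(ev, score_suspicious_only), classify(ev))
        for name, ev in TRACES.items()
    }


if __name__ == "__main__":
    for name, (naive, two_sided) in compare_schemes().items():
        print(f"{name:13s} suspicious-only={naive:9s} two-sided={two_sided}")
```

With these assumed weights the installer scores 5 on malware-like behaviors alone and would be flagged, but its benign evidence brings the two-sided score to -1. The `quiet_sample` trace shows the trade-off the abstract reports: requiring a margin of suspicious behavior over benign behavior removes false positives at the cost of missing low-activity samples.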

Original language: English
Title of host publication: 2010 6th IEEE Workshop on Secure Network Protocols, NPSec 2010
Pages: 79-84
Number of pages: 6
DOI
Publication status: Published - Dec 1 2010
Event: 2010 6th IEEE Workshop on Secure Network Protocols, NPSec 2010 - Kyoto, Japan
Duration: Oct 5 2010 to Oct 5 2010

Publication series

Name: 2010 6th IEEE Workshop on Secure Network Protocols, NPSec 2010

Other

Other: 2010 6th IEEE Workshop on Secure Network Protocols, NPSec 2010
Country/Territory: Japan
City: Kyoto
Period: 10/5/10 to 10/5/10

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
