Open Access
Mining malicious behavioural patterns
Author(s) - Seifi Hassan, Parsa Saeed
Publication year - 2018
Publication title - IET Information Security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2017.0079
Subject(s) - malware , discriminative model , obfuscation , computer science , signature (topology) , artificial intelligence , machine learning , data mining , computer security , mathematics , geometry
Most malware producers bypass signature‐based detection through obfuscation techniques. Therefore, in order to provide proactive and real‐time protection, researchers have begun to develop strategies for behaviour‐based detection. Despite being a popular and promising non‐deterministic solution for detecting various malware families, behavioural modelling techniques suffer from a relatively high false positive rate in malware detection. To overcome this problem, the authors seek to identify patterns that represent malicious intent in all instances of a malware family. In this study, they propose a new technique based on discriminative graph mining to identify discriminative subgraphs. The subgraphs represent behavioural patterns in each malware family. Their evaluation results demonstrate an average of 91% accuracy in detection of malicious programme behaviours, with no false positives.
