Junho Choi (Chosun University, South Korea)
Chang Choi (Chosun University, South Korea)
Ilsun You (Korean Bible University, South Korea)
Pankoo Kim (Chosun University, South Korea)
Abstract: The majority of existing malware detection techniques detect malicious code by identifying known malicious behavior patterns. However, they have difficulty identifying new or modified malicious behaviors; consequently, new techniques that can effectively and accurately detect new malicious behaviors are crucial. This paper proposes a method that defines the malicious behaviors of malware using conceptual graphs, which can describe the relevant concepts and the relationships among them and, consequently, infer malicious behavior patterns. The inferred patterns are then learned by a Support Vector Machine (SVM) classifier that compares and classifies the behaviors as either normal or malicious. The results of the experiments conducted verify that the proposed method detects malicious code more efficiently than conventional methods. In the experimental results, it exhibits a better detection rate than that of malicious code detection methods that rely solely on the signature-based approach. This suggests that the proposed method is not only suitable for the detection of malicious code, but is also more efficient than other detection methods, as it combines the advantages of more than two malicious code detection methods.
Keywords: APT attack defence, conceptual graph, malicious code detection
Categories: D.4.6, I.2.6, K.6.5