A system call analysis method with MapReduce for malware detection

Shun Te Liu, Hui Ching Huang, Yi Ming Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

13 Citations (Scopus)

Abstract

System calls have long been used to profile a program as malware. Previous system call based malware detection approaches are often process-oriented: they classify a process as malware only by the system calls it invokes, so they often miss module-based malware such as DLL-based malware, and co-working malware that splits itself into several programs which cooperate to complete their functions. To deal with this problem, system calls should be collected and analyzed more richly than before. However, analyzing rich system calls causes a significant performance impact on the clients. Fortunately, with the evolution of distributed computing techniques such as MapReduce, we can overcome this tradeoff by analyzing the system calls for malware detection on the servers, thereby reducing the performance impact on the clients. In this paper, we revise the previous malware persistent model to cover module-based and co-working malware. We also propose a MapReduce-based system call analysis method to realize the new model. This method is implemented on a Hadoop platform and evaluated for effectiveness and efficiency using 50 real-world malware samples. The experimental results show that the detection rate improves by 28% and performance improves by more than 30% in comparison to previous research.

Original language: English
Title of host publication: Proceedings - 2011 17th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2011
Pages: 631-637
Number of pages: 7
DOIs
Publication status: Published - 2011
Event: 2011 17th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2011 - Tainan, Taiwan
Duration: 7 Dec 2011 to 9 Dec 2011

Publication series

Name: Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS
ISSN (Print): 1521-9097

Conference

Conference: 2011 17th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2011
Country/Territory: Taiwan
City: Tainan
Period: 7/12/11 to 9/12/11
