A Malware and Variant Detection Method Using Function Call Graph Isomorphism
Joint Authors
Bai, Jinrong
Shi, Qibin
Mu, Shiguang
Source
Security and Communication Networks
Issue
Vol. 2019, Issue 2019 (31 Dec. 2019), pp.1-12, 12 p.
Publisher
Hindawi Publishing Corporation
Publication Date
2019-09-22
Country of Publication
Egypt
No. of Pages
12
Main Subjects
Information Technology and Computer Science
Abstract EN
A huge influx of malware variants is generated using packing and obfuscation techniques.
Current antivirus software uses byte signatures to identify known malware; this method is easily deceived and is generally ineffective for identifying malware variants.
Antivirus experts use hash signatures to verify whether a captured sample is in the malware databases; this method cannot recognize malware variants whose hash signatures have changed completely.
A function call graph is a high-level abstract representation of a program and is more stable and resilient than a byte or hash signature.
In this paper, the function call graph is used as the signature of a program, and two kinds of graph isomorphism algorithms are employed to identify known malware and its variants.
Four experiments are designed to evaluate the performance of the proposed method.
Experimental results indicate that the proposed method is effective and efficient for identifying known malware and a portion of their variants.
The proposed method can also be used to index and locate a large-scale malware database and to group malware into the corresponding family.
American Psychological Association (APA)
Bai, Jinrong & Shi, Qibin & Mu, Shiguang. 2019. A Malware and Variant Detection Method Using Function Call Graph Isomorphism. Security and Communication Networks, Vol. 2019, no. 2019, pp.1-12.
https://search.emarefa.net/detail/BIM-1210227
Modern Language Association (MLA)
Bai, Jinrong…[et al.]. A Malware and Variant Detection Method Using Function Call Graph Isomorphism. Security and Communication Networks No. 2019 (2019), pp.1-12.
https://search.emarefa.net/detail/BIM-1210227
American Medical Association (AMA)
Bai, Jinrong & Shi, Qibin & Mu, Shiguang. A Malware and Variant Detection Method Using Function Call Graph Isomorphism. Security and Communication Networks. 2019. Vol. 2019, no. 2019, pp.1-12.
https://search.emarefa.net/detail/BIM-1210227
Data Type
Journal Articles
Language
English
Notes
Includes bibliographical references
Record ID
BIM-1210227