Full Text:   <5044>

Summary:  <1613>

CLC number: TP309.5

On-line Access: 2018-07-02

Received: 2016-11-26

Revision Accepted: 2017-02-21

Crosschecked: 2018-05-08

Cited: 0

Clicked: 8255

Citations:  Bibtex RefMan EndNote GB/T7714

 ORCID:

Bo Yu

http://orcid.org/0000-0001-6576-5555

-   Go to

Article info.
Open peer comments

Frontiers of Information Technology & Electronic Engineering  2018 Vol.19 No.5 P.583-603

http://doi.org/10.1631/FITEE.1601745


A survey of malware behavior description and analysis


Author(s):  Bo Yu, Ying Fang, Qiang Yang, Yong Tang, Liu Liu

Affiliation(s):  College of Computer, National University of Defense Technology, Changsha 410073, China

Corresponding email(s):   yubo0615@nudt.edu.cn, fangying15@nudt.edu.cn, q.yang@nudt.edu.cn, ytang@nudt.edu.cn, hotmailliuliu@163.com

Key Words:  Malware behavior, Static analysis, Dynamic Analysis, Behavior data expression, Behavior analysis, Machine learning, Semantics-based analysis, Behavior visualization, Semantics-based analysis


Share this article to: More |Next Article >>>

Bo Yu, Ying Fang, Qiang Yang, Yong Tang, Liu Liu. A survey of malware behavior description and analysis[J]. Frontiers of Information Technology & Electronic Engineering, 2018, 19(5): 583-603.

@article{title="A survey of malware behavior description and analysis",
author="Bo Yu, Ying Fang, Qiang Yang, Yong Tang, Liu Liu",
journal="Frontiers of Information Technology & Electronic Engineering",
volume="19",
number="5",
pages="583-603",
year="2018",
publisher="Zhejiang University Press & Springer",
doi="10.1631/FITEE.1601745"
}

%0 Journal Article
%T A survey of malware behavior description and analysis
%A Bo Yu
%A Ying Fang
%A Qiang Yang
%A Yong Tang
%A Liu Liu
%J Frontiers of Information Technology & Electronic Engineering
%V 19
%N 5
%P 583-603
%@ 2095-9184
%D 2018
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.1601745

TY - JOUR
T1 - A survey of malware behavior description and analysis
A1 - Bo Yu
A1 - Ying Fang
A1 - Qiang Yang
A1 - Yong Tang
A1 - Liu Liu
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 19
IS - 5
SP - 583
EP - 603
%@ 2095-9184
Y1 - 2018
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.1601745


Abstract: 
Behavior-based malware analysis is an important technique for automatically analyzing and detecting malware, and it has received considerable attention from both academic and industrial communities. By considering how malware behaves, we can tackle the malware obfuscation problem, which cannot be processed by traditional static analysis approaches, and we can also derive the as-built behavior specifications and cover the entire behavior space of the malware samples. Although there have been several works focusing on malware behavior analysis, such research is far from mature, and no overviews have been put forward to date to investigate current developments and challenges. In this paper, we conduct a survey on malware behavior description and analysis considering three aspects: malware behavior description, behavior analysis methods, and visualization techniques. First, existing behavior data types and emerging techniques for malware behavior description are explored, especially the goals, principles, characteristics, and classifications of behavior analysis techniques proposed in the existing approaches. Second, the inadequacies and challenges in malware behavior analysis are summarized from different perspectives. Finally, several possible directions are discussed for future research.

恶意代码行为描述与分析综述

摘要:基于行为的分析是恶意代码自动分析和检测过程中的一项重要技术,近年来得到学术界和工业界极大关注。恶意代码行为分析技术,能够避免传统静态分析技术遇到的恶意代码混淆的障碍,也能够通过行为描述规范表达恶意代码样本多样化的行为类型。目前,虽有一些关注恶意代码行为分析的工作,但基于行为的恶意代码分析技术仍未成熟,目前尚未发现介绍当前研究进展和发展挑战的综述。本文从3个方面对恶意代码的行为描述和分析进行综述:恶意代码行为描述,恶意代码行为分析模型,可视化。首先,全面梳理了现有行为分析技术的分析目标、原则、特点和分类,包括现有行为数据类型和描述方法;其次,从多方面分析恶意代码分析的不足和挑战;最后,探讨了潜在研究热点。

关键词:恶意代码行为;静态分析;动态分析;行为数据表示;行为分析;机器学习;基于语义的分析;行为可视化;恶意代码演化

Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article

Reference

[1]Alam S, Horspool RN, Traore I, et al., 2015. A framework for metamorphic malware analysis and real-time detection. Comput Secur, 48:212-233.

[2]Alazab M, 2015. Profiling and classifying the behavior of malicious codes. J Syst Softw, 100:91-102.

[3]Alazab M, Venkataraman S, Watters P, 2010. Towards Understanding malware behaviour by the extraction of API calls. Proc 2nd Cybercrime and Trustworthy Computing Workshop, p.52-59.

[4]Anderson B, Storlie C, Lane T, 2012. Improving malware classification: Bridging the static/dynamic gap. Proc 5th ACM Workshop on Security and Artificial Intelligence, p.3-14.

[5]Anderson B, Lane T, Hash C, 2014. Malware phylogenetics based on the multiview graphical lasso. Proc 13th Int Symposium on Advances in Intelligent Data Analysis XIII, p.1-12.

[6]Arp D, Spreitzenbarth M, Hübner M, et al., 2014. DREBIN: effective and explainable detection of Android malware in your pocket. Proc 17th Network and Distributed System Security Symp, p.1-16.

[7]Babić D, Reynaud D, Song DW, 2011. Malware analysis with tree automata inference. Proc 23rd Int Conf on Computer Aided Verification, p.116-131.

[8]Babić D, Reynaud D, Song DW, 2012. Recognizing malicious software behaviors with tree automata inference. Form Methods Syst Des, 41(1):107-128.

[9]Bailey M, Oberheide J, Andersen J, et al., 2007. Automated classification and analysis of Internet malware. Proc 10th Int Symp on Recent Advances in Intrusion Detection, p.178-197.

[10]Barnum S, 2012. Standardizing cyber threat intelligence information with the structured threat information eXpression (STIXTM). https://www.mitre.org/sites/default/ files/publications/stix.pdf

[11]Bauman E, Ayoade G, Lin ZQ, 2015. A survey on hypervisor-based monitoring: approaches, applications, and evolutions. ACM Comput Surv, 48(1), Article 10.

[12]Bayer U, Kruegel C, Kirda E, 2006. TTAnalyze: a tool for analyzing malware. Proc 15th Annual Conf of the European Institute for Computer Antivirus Research, p.180-192.

[13]Bayer U, Comparetti PM, Hlauscheck C, et al., 2009. Scalable, behavior-based malware clustering. Proc 16th Symp on Network and Distributed System Security, p.1-21.

[14]Bayer U, Habibi I, Balzarotti D, et al., 2014. A view on current malware behaviors. Proc 2nd USENIX Conf on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, p.8.

[15]Beaucamps P, Gnaedig I, Marion JY, 2010. Behavior abstraction in malware analysis. Proc 1st Int Conf on Runtime Verification, p.168-182.

[16]Beaucamps P, Gnaedig I, Marion JY, 2012. Abstraction-based malware analysis using rewriting and model checking. Proc 17th European Symp on Research in Computer Security, p.806-823.

[17]Belaoued M, Mazouzi S, 2015. A real-time pe-malware detection system based on CHI-square test and pe-file features. Proc 5th IFIP TC 5 Int Conf on Science and Its Applications, p.416-425.

[18]Biggio B, Rieck K, Ariu D, et al., 2014. Poisoning behavioral malware clustering. Proc Workshop on Artificial Intelligent and Security Workshop, p.27-36.

[19]Bos H, 2013. Analysis report of behavioral features. http://www.wombat-project.eu/2010/07/wombat-deliverable-d16d42-anal.html

[20]Brumley D, Hartwig C, Liang ZK, et al., 2008. Automatically identifying trigger-based behavior in malware. In: Lee W, Wang C, Dagon D (Eds.), Botet Detection. Springer, Boston, MA, p.65-88.

[21]Canfora G, Mercaldo F, Visaggio CA, 2016. An hmm and structural entropy based detector for Android malware: an empirical study. Comput Secur, 61:1-18.

[22]Cao Y, Miao QG, Liu JC, et al., 2013. Abstracting minimal security-relevant behaviors for malware analysis. J Comput Virol Hack Tech, 9(4):193-204.

[23]Cen L, Gates CS, Si L, et al., 2015. A probabilistic discriminative model for Android malware detection with decompiled source code. IEEE Trans Depend Sec Comput, 12(4):400-412.

[24]Cesare S, Xiang Y, Zhou WL, 2014. Control flow-based malware variant detection. IEEE Trans Depend Sec Comput, 11(4):307-317.

[25]Chandramohan M, Tan HBK, Shar LK, 2012. Scalable malware clustering through coarse-grained behavior modeling. Proc ACM SIGSOFT 20th Int Symp on the Foundations of Software Engineering, article 27.

[26]Christodorescu M, Jha S, Kruegel C, 2008. Mining specifications of malicious behavior. Proc 1st India Software Engineering Conf, p.5-14.

[27]Chuang HY, Wang SD, 2015. Machine learning based hybrid behavior models for Android malware analysis. Proc IEEE Int Conf on Software Quality, Reliability and Security, p.201-206.

[28]Comparetti PM, Salvaneschi G, Kirda E, et al., 2010. Identifying dormant functionality in malware programs. Proc IEEE Symp on Security and Privacy, p.61-76.

[29]Cuckoo, 2017. Cuckoo sandbox. https://cuckoosandbox.org

[30]Dahl GE, Stokes JW, Deng L, et al., 2013. Large-scale malware classification using random projections and neural networks. Proc IEEE Int Conf on Acoustics, Speech and Signal Processing, p.3422-3426.

[31]Damodaran A, di Troia F, Visaggio CA, et al., 2017. A comparison of static, dynamic, and hybrid analysis for malware detection. J Comput Virol Hack Tech, 13(1): 1-12.

[32]Das S, Liu Y, Zhang W, et al., 2016. Semantics-based online malware detection: towards efficient real-time protection against malware. IEEE Trans Inform Forens Secur, 11(2): 289-302.

[33]Deschamps N, 2008. Specification language for code behavior. http://wombat-project.eu/WP4/FP7-ICT-216026-Wombat_WP4_D08_V01_Specification_language_for_code_behaviour.pdf

[34]Dinaburg A, Royal P, Sharif M, et al., 2008. Ether: malware analysis via hardware virtualization extensions. Proc 15th ACM Conf on Computer and Communications Security, p.51-62.

[35]Ding YX, Yuan XB, Tang K, et al., 2013. A fast malware detection algorithm based on objective-oriented association mining. Comput Secur, 39:315-324.

[36]Ding YX, Dai W, Yan SL, et al., 2014. Control flow-based opcode behavior analysis for malware detection. Comput Secur, 44:65-74.

[37]Dube T, Raines R, Peterson G, et al., 2012. Malware target recognition via static heuristics. Comput Secur, 31(1): 137-147.

[38]Dumitras T, Neamtiu I, 2011. Experimental challenges in cyber security: a story of provenance and lineage for malware. Proc 4th Conf on Cyber Security Experimen-tation and Test, p.9.

[39]Egele M, Scholte T, Kirda E, et al., 2012. A survey on automated dynamic malware-analysis techniques and tools. ACM Comput Surv, 44(2), Article 6.

[40]Elhadi AAE, Maarof MA, Barry BIA, et al., 2014. Enhancing the detection of metamorphic malware using call graphs. Comput Secur, 46:62-78.

[41]Feng Y, Anand S, Dillig I, et al., 2014. Apposcopy: semantics-based detection of Android malware through static analysis. Proc 22nd ACM SIGSOFT Int Symp on Foundations of Software Engineering, p.576-587.

[42]Feng Y, Bastani O, Martins R, et al., 2017. Automated synthesis of semantic malware signatures using maxi-mum satisfiability. Proc Network and Distributed System Security Symp, p.1-16.

[43]Fratantonio Y, Bianchi A, Robertson W, et al., 2016. Triggerscope: towards detecting logic bombs in Android applications. Proc IEEE Symp on Security and Privacy, p.377-396.

[44]Fredrikson M, Jha S, Christodorescu M, et al., 2010. Synthesizing near-optimal malware specifications from suspicious behaviors. Proc IEEE Symp on Security and Privacy, p.45-60.

[45]Galal HS, Mahdy YB, Atiea MA, 2016. Behavior-based features model for malware detection. J Comput Virol Hack Tech, 12(2):59-67.

[46]Grégio ARA, Baruque AOC, Afonso VM, et al., 2012. Interactive, visual-aided tools to analyze malware behavior. Proc 12th Int Conf on Computational Science and Its Applications, p.302-313.

[47]Gupta A, Kuppili P, Akella A, et al., 2009. An empirical study of malware evolution. Proc 1st Int Communication Systems and NETworks and Workshops, p.1-10.

[48]Haass JC, Ahn GJ, Grimmelmann F, 2015. ACTRA: a case study for threat information sharing. Proc 2nd ACM Workshop on Information Sharing and Collaborative Security, p.23-26.

[49]Huang HD, Acampora G, Loia V, et al., 2011. Applying FML and fuzzy ontologies to malware behavioural analysis. Proc IEEE Int Conf on Fuzzy Systems, p.2018-2025.

[50]Huang HD, Lee CS, Wang MH, et al., 2014. IT2FS-based ontology with soft-computing mechanism for malware behavior analysis. Soft Comput, 18(2):267-284.

[51]Huang L, Joseph AD, Nelson B, et al., 2011. Adversarial machine learning. Proc 4th ACM Workshop on Security and Artificial Intelligence, p.43-58.

[52]Inoue D, Yoshioka K, Eto M, et al., 2009. Automated malware analysis system and its sandbox for revealing malware’s internal and external activities. IEICE Trans Inform Syst, E92.D(5):945-954.

[53]Jacob G, Debar H, Filiol E, 2009. Malware behavioral detection by attribute-automata using abstraction from platform and language. Proc 12th Int Symp on Recent Advances in Intrusion Detection, p.81-100.

[54]Jang J, Woo M, Brumley D, 2013. Towards automatic software lineage inference. Proc 22nd USENIX Conf on Security, p.81-96.

[55]Kharraz A, Arshad S, Mulliner C, et al., 2016. UNVEIL: a large-scale, automated approach to detecting ransomware. Proc 25th USENIX Security Symp, p.757-772.

[56]Kirat D, Vigna G, 2015. MalGene: automatic extraction of malware analysis evasion signature. Proc 22nd ACM SIGSAC Conf on Computer and Communications Security, p.769-780.

[57]Kirat D, Vigna G, Kruegel C, 2014. Barecloud: bare-metal analysis-based evasive malware detection. Proc 23rd USENIX Conf on Security Symp, p.287-301.

[58]Kirda E, Kruegel C, Banks G, et al., 2006. Behavior-based spyware detection. Proc 15th Conf on USENIX Security Symp, Article 19.

[59]Kirillov I, Beck D, Chase P, et al., 2011. Malware attribute enumeration and characterization (MAEC™). http://maec.mitre.org/

[60]Kokkonen T, Hautamaki J, Siltanen J, et al., 2016. Model for sharing the information of cyber security situation awareness between organizations. Proc 23rd Int Conf on Telecommunications, p.1-5.

[61]Kruegel C, 2014. Full system emulation: achieving successful automated dynamic analysis of evasive malware. Lastline, Inc., Las Vegas, NV, USA.

[62]Lanzi A, Sharif M, Lee W, 2009. K-Tracer: a system for extracting kernel malware behavior. Proc Network and Distributed System Security Symp, p.163-169.

[63]Lebiere C, Bennati S, Thomson R, et al., 2015. Functional cognitive models of malware identification. Proc 13th Annual Conf on Cognitive Modeling, p.90-95.

[64]Leder F, Steinbock B, Martini P, 2009. Classification and detection of metamorphic malware using value set analysis. Proc 4th Int Conf on Malicious and Unwanted Software, p.39-46.

[65]Lee T, Choi B, Shin Y, et al., 2015. Automatic malware mutant detection and group classification based on the n-gram and clustering coefficient. J Supercomput, p.1-15.

[66]Lindorfer M, Kolbitsch C, Comparetti PM, 2011. Detecting environment-sensitive malware. Proc 14th Int Symp on Recent Advances in Intrusion Detection, p.338-357.

[67]Liu L, Wang BS, Yu B, et al., 2016. A novel selective ensemble learning based on K-means and negative correlation. Proc 2nd Int Conf on Cloud Computing and Security, p.578-588.

[68]Martignoni L, Stinson E, Fredrikson M, et al., 2008. A layered architecture for detecting malicious behaviors. Proc 11th Int Symp on Recent Advances in Intrusion Detection, p.78-97.

[69]Martignoni L, Paleari R, Bruschi D, 2009. A framework for behavior-based malware analysis in the cloud. Proc 5th Int Conf on Information Systems Security, p.178-192.

[70]Miao QG, Liu JC, Cao Y, et al., 2016. Malware detection using bilayer behavior abstraction and improved one-class support vector machines. Int J Inform Secur, 15(4):361-379.

[71]Ming J, Xin Z, Lan PW, et al., 2015. Replacement attacks: automatically impeding behavior-based malware specifications. Proc 13th Int Conf on Applied Cryptography and Network Security, p.497-517.

[72]Ming J, Xin Z, Lan PW, et al., 2017. Impeding behavior-based malware analysis via replacement attacks to malware specifications. J Comput Virol Hack Tech, 13(3):193-207.

[73]Mithal T, Shah K, Singh DK, 2016. Case studies on intelligent approaches for static malware analysis. In: Shetty NR, Prasad NH, Nalini N (Eds.), Emerging Research in Computing, Information, Communication and Applications. Springer, Singapore, p.555-567.

[74]Mohaisen A, Alrawi O, 2015. AMAL: high-fidelity, behavior-based automated malware analysis and classification. Proc 15th Int Workshop on Information Security Applications, p.107-121.

[75]Moonsamy V, Tian RH, Batten L, 2012. Feature reduction to speed up malware classification. Proc 16th Nordic Conf on Information Security Technology for Applications, p.176-188.

[76]Moser A, Kruegel C, Kirda E, 2007. Exploring multiple execution paths for malware analysis. Proc IEEE Symp on Security and Privacy, p.231-245.

[77]Naval S, Laxmi V, Rajarajan M, et al., 2015. Employing program semantics for malware detection. IEEE Trans Inform Forens Secur, 10(12):2591-2604.

[78]Neugschwandtner M, Platzer C, Comparetti PM, et al., 2010. dAnubis—dynamic device driver analysis based on virtual machine introspection. Proc 7th Int Conf on Detection of Intrusions and Malware, and Vulnerability Assessment, p.41-60.

[79]Nunes E, Buto C, Shakarian P, et al., 2015. Malware task identification: a data driven approach. Proc IEEE/ACM Int Conf on Advances in Social Networks Analysis and Mining, p.978-985.

[80]O’Kane P, Sezer S, McLaughlin K, et al., 2013. SVM training phase reduction using dataset feature filtering for malware detection. IEEE Trans Inform Forens Secur, 8(3):500-509.

[81]Palahan S, Babić D, Chaudhuri S, et al., 2013. Extraction of statistically significant malware behaviors. Proc 29th Annual Computer Security Applications Conf, p.69-78.

[82]Park Y, Reeves DS, Stamp M, 2013. Deriving common malware behavior through graph clustering. Comput Secur, 39:419-430.

[83]Pleszkoch M, Linger R, 2015. Controlling combinatorial complexity in software and malware behavior computation. Proc 10th Annual Cyber and Information Security Research Conf, Article 15.

[84]Poeplau S, Fratantonio Y, Bianchi A, et al., 2014. Execute this! Analyzing unsafe and malicious dynamic code loading in Android applications. Proc Network and Distributed System Security Symp, p.23-26.

[85]Razak MFA, Anuar NB, Salleh R, et al., 2016. The rise of “malware”: bibliometric analysis of malware study. J Netw Comput Appl, 75:58-76.

[86]Rieck K, Holz T, Willems C, et al., 2008. Learning and classification of malware behavior. Proc 5th Int Conf on Detection of Intrusions and Malware, and Vulnerability Assessment, p.108-125.

[87]Rieck K, Trinius P, Willems C, et al., 2011. Automatic analysis of malware behavior using machine learning. J Comput Secur, 19(4):639-668.

[88]Riley R, Jiang XX, Xu DY, 2009. Multi-aspect profiling of kernel rootkit behavior. Proc 4th ACM European Conf on Computer Systems, p.47-60.

[89]Royal P, Halpin M, Dagon D, et al., 2006. PolyUnpack: automating the hidden-code extraction of unpack-executing malware. Proc 22nd Annual Computer Security Applications Conf, p.289-300.

[90]Saxe J, Mentis D, Greamo C, 2012. Visualization of shared system call sequence relationships in large malware corpora. Proc 9th Int Symp on Visualization for Cyber Security, p.33-40.

[91]Saxe J, Turner R, Blokhin K, 2014. Crowdsource: automated inference of high level malware functionality from low-level symbols using a crowd trained machine learning model. Proc 9th Int Conf on Malicious and Unwanted Software: the Americas, p.68-75.

[92]Shan ZY, Wang X, 2014. Growing grapes in your computer to defend against malware. IEEE Trans Inform Forens Secur, 9(2):196-207.

[93]Shi HB, Hamagami T, Yoshioka K, et al., 2014. Structural classification and similarity measurement of malware. IEEJ Trans Electr Electron Eng, 9(6):621-632.

[94]Shosha AF, Liu C, Gladyshev P, et al., 2012. Evasion-resistant malware signature based on profiling kernel data structure objects. Proc 7th Int Conf on Risk and Security of Internet and Systems, p.1-8.

[95]Sirinda P, 2014. A framework for mining significant subgraphs and its application in malware analysis. PhD Thesis, The Pennsylvania State University, Pennsylvania, USA.

[96]Suarez-Tangil G, Conti M, Tapiador JE, et al., 2014. Detecting targeted smartphone malware with behavior-triggering stochastic models. Proc 19th European Symp on Research in Computer Security, p.183-201.

[97]Sun MK, Lin MJ, Chang M, et al., 2011. Malware virtualization-resistant behavior detection. Proc 17th Int Conf on Parallel and Distributed Systems, p.912-917.

[98]Thomson R, Lebiere C, Bennati S, et al., 2015. Malware identification using cognitively-inspired inference. Proc 24th Annual Behavior Representation in Modeling and Simulation Conf, p.1-8.

[99]Trinius P, Holz T, Göbel J, et al., 2009. Visual analysis of malware behavior using treemaps and thread graphs. Proc 6th Int Workshop on Visualization for Cyber Security, p.33-38.

[100]Trinius P, Willems C, Holz T, et al., 2011. A malware instruction set for behavior-based analysis. http://subs.emis.de/LNI/Proceedings/Proceedings170/article5739.html

[101]Walenstein A, Lakhotia A, 2012. A transformation-based model of malware derivation. Proc 7th Int Conf on Malicious and Unwanted Software, p.17-25.

[102]Wang SW, Wang BS, Yong T, et al., 2015. Malware clustering based on SNN density using system calls. Proc 1st Int Conf on Cloud Computing and Security, p.181-191.

[103]Wang Z, Jiang XX, Cui WD, et al., 2008. Countering persistent kernel rootkits through systematic hook discovery. Proc 11th Int Symp on Recent Advances in Intrusion Detection, p.21-38.

[104]Watson MR, Shirazi NUH, Marnerides AK, et al., 2016. Malware detection in cloud computing infrastructures. IEEE Trans Depend Sec Comput, 13(2):192-205.

[105]Wu DJ, Mao CH, Wei TE, et al., 2012. DroidMat: Android malware detection through manifest and API calls tracing. Proc 7th Asia Joint Conf on Information Security, p.62-69.

[106]Wüchner T, Ochoa M, Pretschner A, 2015. Robust and effective malware detection through quantitative data flow graph metrics. Proc 12th Int Conf on Detection of Intrusions and Malware, and Vulnerability Assessment, p.98-118.

[107]Yang C, Xu ZY, Gu GF, et al., 2014. DroidMiner: automated mining and characterization of fine-grained malicious behaviors in Android applications. Proc 19th European Symp on Research in Computer Security, p.163-182.

[108]Yang W, Xiao XS, Andow B, et al., 2015. AppContext: differentiating malicious and benign mobile app behaviors using context. Proc 37th IEEE Int Conf on Software Engineering, p.303-313.

[109]Yavvari C, Tokhtabayev A, Rangwala H, et al., 2012. Malware characterization using behavioral components. Proc 6th Int Conf on Mathematical Methods, Models, and Architectures for Computer Network Security, p.226-239.

[110]Yerima SY, Sezer S, Muttik I, 2015. High accuracy Android malware detection using ensemble learning. IET Inform Secur, 9(6):313-320.

[111]Yin H, Liang ZK, Song D, 2008. HookFinder: identifying and understanding malware hooking behaviors. Proc Network and Distributed System Security Symp, p.1-16.

[112]Yuan JF, Qiang WZ, Jin H, et al., 2014. Cloudtaint: an elastic taint tracking framework for malware detection in the cloud. J Supercomput, 70(3):1433-1450.

[113]Zhang FW, Leach K, Stavrou A, et al., 2015. Using hardware features for increased debugging transparency. Proc IEEE Symp on Security and Privacy, p.55-69.

[114]Zhang H, Yao DF, Ramakrishnan N, et al., 2016. Causality reasoning about network events for detecting stealthy malware activities. Comput Secur, 58:180-198.

[115]Zhang M, Duan Y, Yin H, et al., 2014. Semantics-aware Android malware classification using weighted contextual API dependency graphs. Proc ACM SIGSAC Conf on Computer and Communications Security, p.1105-1116.

[116]Zhao ZQ, Wang JF, Bai JR, 2014. Malware detection method based on the control-flow construct feature of software. IET Inform Secur, 8(1):18-24.

[117]Zhou YJ, Jiang XX, 2012. Dissecting Android malware: characterization and evolution. Proc IEEE Symp on Security and Privacy, p.95-109.

Open peer comments: Debate/Discuss/Question/Opinion

<1>

Please provide your name, email address and a comment





Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - 2024 Journal of Zhejiang University-SCIENCE