Skip to Main content Skip to Navigation
Conference papers

DiffSig: Resource Differentiation Based Malware Behavioral Concise Signature Generation

Abstract : Malware obfuscation obscures malware into a different form that’s functionally identical to the original one, and makes syntactic signature ineffective. Furthermore, malware samples are huge and growing at an exponential pace. Behavioral signature is an effective way to defeat obfuscation. However, state-of-the-art behavioral signature, behavior graph, is although very effective but unfortunately too complicated and not scalable to handle exponential growing malware samples; in addition, it is too slow to be used as real-time detectors. This paper proposes an anti-obfuscation and scalable behavioral signature generation system, DiffSig, which voids information-flow tracking which is the chief culprit for the complex and inefficiency of graph behavior, thus, losing some data dependencies, but describes handle dependencies more accurate than graph behavior by restrict the profile type of resource that each handle dependency can reference to. Our experiment results show that DiffSig is scalable and efficient, and can detect new malware samples effectively.
Complete list of metadata

Cited literature [10 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Wednesday, March 1, 2017 - 11:04:43 AM
Last modification on : Thursday, March 2, 2017 - 1:04:26 AM
Long-term archiving on: : Tuesday, May 30, 2017 - 2:25:32 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Huabiao Lu, Baokang Zhao, Xiaofeng Wang, Jinshu Su. DiffSig: Resource Differentiation Based Malware Behavioral Concise Signature Generation. 1st International Conference on Information and Communication Technology (ICT-EurAsia), Mar 2013, Yogyakarta, Indonesia. pp.271-284, ⟨10.1007/978-3-642-36818-9_28⟩. ⟨hal-01480181⟩



Record views


Files downloads