Master thesis

Study of Common Sub-graphs of System Call Dependency Graphs for Malware Classification

Dylan Marinho 1
1 TAMIS - Threat Analysis and Mitigation for Information Security
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : Distinguishing legitimate software from malicious software is a problem that requires a lot of expertise. In order to build malware detection software, one approach consists in extracting System Call Dependency Graphs (SCDGs), which summarize the behavior of a program. Once SCDGs are extracted, a learning phase identifies sub-graphs characteristic of malicious behaviors. In order to classify the graph of an unknown binary, we check whether it contains such sub-graphs. These techniques have proved to be efficient, but no analysis of the sub-graphs extracted during the learning phase has been conducted so far. We study the sub-graphs we find and showcase preprocessing steps on the graphs in order to improve learning and classification performance. The approach has been applied to graphs extracted from Mirai. Mirai is a malware which created a large botnet in 2016 to perform distributed denial of service attacks. We show that the preprocessing step tremendously improves the speed of learning and classification.

Contributor : Dylan Marinho
Submitted on : Monday, February 22, 2021 - 2:45:19 PM
Last modification on : Monday, April 4, 2022 - 9:28:24 AM
Long-term archiving on : Sunday, May 23, 2021 - 6:10:03 PM


Distributed under a Creative Commons Attribution - NonCommercial - NoDerivatives 4.0 International License


  • HAL Id : hal-03147651, version 1


Dylan Marinho. Study of Common Sub-graphs of System Call Dependency Graphs for Malware Classification. Computer Science [cs]. 2018. ⟨hal-03147651⟩