Master thesis

Study of Common Sub-graphs of System Call Dependency Graphs for Malware Classification

Dylan Marinho
TAMIS - Threat Analysis and Mitigation for Information Security, Inria Rennes – Bretagne Atlantique, IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : Distinguishing legitimate software from malicious software is a problem that requires a lot of expertise. One approach to building malware detection software is to extract System Call Dependency Graphs (SCDG), which summarize the behavior of a program. Once SCDGs are extracted, a learning phase identifies sub-graphs characteristic of malicious behaviors. To classify the graph of an unknown binary, we check whether it contains such sub-graphs. These techniques have proved to be efficient, but no analysis of the sub-graphs extracted during the learning phase has been conducted so far. We study the sub-graphs we find and showcase preprocessing steps on the graphs that improve learning and classification performance. The approach has been applied to graphs extracted from Mirai, a malware which created a large botnet in 2016 to perform distributed denial of service attacks. We show that the preprocessing step tremendously improves the speed of learning and classification.
https://hal.inria.fr/hal-03147651
Contributor : Dylan Marinho
Submitted on : Monday, February 22, 2021 - 2:45:19 PM
Last modification on : Thursday, March 11, 2021 - 11:52:02 AM

Licence

Distributed under a Creative Commons Attribution - NonCommercial - NoDerivatives 4.0 International License

Identifiers

  • HAL Id : hal-03147651, version 1

Citation

Dylan Marinho. Study of Common Sub-graphs of System Call Dependency Graphs for Malware Classification. Computer Science [cs]. 2018. ⟨hal-03147651⟩

Metrics

  • Record views : 23
  • Files downloads : 187