Malware Obfuscation Detection via Maximal Patterns

Abstract

Malware obfuscation is defined as a program transformation. It is always used in malware to evade detection by anti-malware software. In this paper, we propose a method to detect malware obfuscation using maximal patterns. A maximal pattern is a subsequence of a malware's runtime system call sequence that appears frequently during program execution and can be used to describe the program's specific behavior. The maximal pattern sequence is extracted from the malware's runtime system calls, and the similarity between two pattern sequences is measured by evolutionary similarity. Experimental results on real-world malware test data show that our method can efficiently detect malware obfuscation.

Cite this paper

@article{Li2009MalwareOD, title={Malware Obfuscation Detection via Maximal Patterns}, author={Jian Li and Ming Xu and Ning Zheng and Jian Xu}, journal={2009 Third International Symposium on Intelligent Information Technology Application}, year={2009}, volume={2}, pages={324-328} }