Code graph for malware detection

Jeong Kyoochang, Lee Heejo

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Citations (Scopus)

Abstract

When an application program is executed for the first time, the results of its execution are not always predictable. Since the host will be damaged by a malware as soon as it is executed, detecting and blocking the malware before its execution is the most effective means of protection. In contrast to current research into the detection of malwares based on their behavior while being executed, we propose a new mechanism which can preview the effect of a program on a system. The mechanism we developed is to represent the distinctions between portable executable binaries. The proposed mechanism analyzes the instructions related to the system-call call sequence in a binary executable and demonstrates the result in the form of a topological graph. This topological graph is called the code graph and the preview system is called the code graph system. We have tested various real application programs with the code graph system and identified their distinctive characteristics which can be used for distinguishing normal softwares from malwares such as worm codes and botnet programs. Our system detected all known malwares used in the experiment, and distinguished 67% of unknown malwares from normal programs. In this paper, we show how to analyze the effects of executable binaries before their execution and normal softwares can be effectively distinguished from malwares by applying the code graph.

Original languageEnglish
Title of host publication2008 International Conference on Information Networking, ICOIN
DOIs
Publication statusPublished - 2008 Aug 25
Event2008 International Conference on Information Networking, ICOIN - Busan, Korea, Republic of
Duration: 2008 Jan 232008 Jan 25

Publication series

Name2008 International Conference on Information Networking, ICOIN

Other

Other2008 International Conference on Information Networking, ICOIN
CountryKorea, Republic of
CityBusan
Period08/1/2308/1/25

    Fingerprint

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Cite this

Kyoochang, J., & Heejo, L. (2008). Code graph for malware detection. In 2008 International Conference on Information Networking, ICOIN [4472801] (2008 International Conference on Information Networking, ICOIN). https://doi.org/10.1109/ICOIN.2008.4472801