AUTOMATIC BEHAVIOUR-BASED ANALYSIS AND CLASSIFICATION SYSTEM FOR MALWARE DETECTION

Jaime Devesa, Igor Santos, Xabier Cantero, Yoseba K. Penya, Pablo G. Bringas

2010

Abstract

Malware is any kind of program explicitly designed to cause harm, such as viruses, trojan horses or worms. Since the amount of malware is growing exponentially, it already poses a serious security threat. Therefore, every incoming code sample must be analysed in order to classify it as malware or benign software. These tests commonly combine static and dynamic analysis techniques in order to extract as much information as possible from suspicious files. Moreover, the increase in the number of attacks makes it infeasible to manually test the thousands of suspicious files that reach antivirus laboratories every day. Against this background, we present here an automated system for malware behaviour analysis based on emulation and simulation techniques. Creating a secure and reliable sandbox environment allows us to test the retrieved suspicious code without risk. In this way, we can also generate evidence and classify the samples with several machine-learning algorithms. We have implemented the proposed solution and tested it with real malware. Finally, we have evaluated it in terms of reliability and time performance, two of the main aspects required for such a system to work.


Paper Citation


in Harvard Style

Devesa J., Santos I., Cantero X., K. Penya Y. and G. Bringas P. (2010). AUTOMATIC BEHAVIOUR-BASED ANALYSIS AND CLASSIFICATION SYSTEM FOR MALWARE DETECTION. In Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-8425-05-8, pages 395-399. DOI: 10.5220/0002895203950399

in Bibtex Style

@conference{iceis10,
author={Jaime Devesa and Igor Santos and Xabier Cantero and Yoseba K. Penya and Pablo G. Bringas},
title={AUTOMATIC BEHAVIOUR-BASED ANALYSIS AND CLASSIFICATION SYSTEM FOR MALWARE DETECTION},
booktitle={Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2010},
pages={395-399},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002895203950399},
isbn={978-989-8425-05-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - AUTOMATIC BEHAVIOUR-BASED ANALYSIS AND CLASSIFICATION SYSTEM FOR MALWARE DETECTION
SN - 978-989-8425-05-8
AU - Devesa J.
AU - Santos I.
AU - Cantero X.
AU - K. Penya Y.
AU - G. Bringas P.
PY - 2010
SP - 395
EP - 399
DO - 10.5220/0002895203950399