A framework for malware identification based on behavior
Main Author: | Mohamad Fadli, Zolkipli |
---|---|
Format: | Thesis |
Language: | English |
Published: | 2012 |
Subjects: | QA76 Computer software; T Technology (General) |
Online Access: | http://umpir.ump.edu.my/id/eprint/13456/1/MOHAMAD%20FADLI%20ZOLKIPLI.pdf |
 | http://umpir.ump.edu.my/id/eprint/13456/ |
id | my.ump.umpir.13456 |
---|---|
record_format | eprints |
last updated | 2021-08-19T05:16:10Z |
citation | Mohamad Fadli, Zolkipli (2012) A framework for malware identification based on behavior. PhD thesis, Universiti Sains Malaysia. |
institution | Universiti Malaysia Pahang |
building | UMP Library |
collection | Institutional Repository |
continent | Asia |
country | Malaysia |
content_provider | Universiti Malaysia Pahang |
content_source | UMP Institutional Repository |
url_provider | http://umpir.ump.edu.my/ |
language | English |
topic | QA76 Computer software; T Technology (General) |
description | Malware is one of the major security threats in a computer and network environment. Modern malware embeds several techniques in order to complicate malware defence. The current malware issues such as zero-day attacks, malware avoidance techniques and hybrid malware are highlighted. Furthermore, a common approach in malware defence does not provide enough of a solution to prevent modern malware attacks. Considering the above issues, a new framework for malware identification based on behavior is proposed. This framework consists of three major components: i) behavior analysis, ii) malware prediction and iii) malware target classification. The behavior analysis applies a dynamic approach with a combination of Run Time Analysis and Resource Monitoring. For malware prediction, there are four areas of malware features: i) process, ii) file, iii) registry, and iv) network activities. IF-THEN Prediction Rules generated using the data mining technique ID3 Algorithm are used. In the implementation of malware target classification, Structure Level Rules are utilized to classify malware into possible target classes. These three major components are integrated together as a cohesive unit for malware identification through knowledge storage. The experiment on the framework shows that, as compared to several other related works, this framework provides better solutions on malware behavior definition, prediction and target classification. From the results, it is proven that the framework can be implemented as one of the security practices to counter modern malware attacks in a computer environment. |
format | Thesis |
author | Mohamad Fadli, Zolkipli |
title | A framework for malware identification based on behavior |
publishDate | 2012 |
url | http://umpir.ump.edu.my/id/eprint/13456/1/MOHAMAD%20FADLI%20ZOLKIPLI.pdf |
 | http://umpir.ump.edu.my/id/eprint/13456/ |