DOI: 10.1145/2480362.2480401
research-article

Disguised malware script detection system using hybrid genetic algorithm

Published: 18 March 2013

Abstract

Malicious software, or malware for short, is one of the most serious threats to computer systems. Various disguise techniques hide malware from detection, and these techniques are becoming more sophisticated. Traditional signature-based detection systems often cannot cope with disguised malware in a timely manner. In this paper, we propose a new approach to detecting disguised malware scripts. The proposed system consists of a metric-based detection algorithm and a hybrid genetic algorithm. We use the frequencies of token occurrences as a metric, and separate identifiers from other program tokens. The genetic algorithm attempts further detection by extracting the main core of a program. Experimental tests showed that the proposed system successfully detected a number of newly generated malware scripts, more than half of which existing antivirus products missed. The system would be suitable for offline malware detection that requires high quality.
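
The following is an added illustration of the idea in the abstract, not code from the paper: it counts token frequencies for a script, keeps identifiers in a separate profile from keywords, operators and literals, and shows that renaming variables leaves the structural profile unchanged. The keyword list, the cosine comparison and the sample scripts are assumptions constructed for this example; the genetic-algorithm stage is not modelled.

```python
import math
import re
from collections import Counter

# Assumed, abbreviated VBScript keyword list; the paper's token classes are not on this page.
KEYWORDS = {"dim", "set", "if", "then", "else", "end", "for", "each", "in",
            "next", "sub", "function", "do", "loop", "while", "call"}
TOKEN_RE = re.compile(r'"[^"]*"|[A-Za-z_]\w*|\d+|[^\s\w"]')

def token_profiles(script):
    """Return (structure, identifiers): two separate token-frequency counters."""
    structure, identifiers = Counter(), Counter()
    for tok in TOKEN_RE.findall(script):
        low = tok.lower()                      # VBScript is case-insensitive
        if tok[0] == '"':
            structure["<STR>"] += 1            # literal contents are ignored
        elif tok[0].isdigit():
            structure["<NUM>"] += 1
        elif low in KEYWORDS or not (tok[0].isalpha() or tok[0] == "_"):
            structure[low] += 1                # keyword, operator or punctuation
        else:
            identifiers[low] += 1              # names an author can change freely
    return structure, identifiers

def cosine(a, b):
    """Cosine similarity of two frequency counters (assumed comparison measure)."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

# Constructed, harmless stand-in for a known sample.
KNOWN = '''Dim fso, f
Set fso = CreateObject("Scripting.FileSystemObject")
For Each f In fso.GetFolder(".").Files
  If f.Size > 10 Then WScript.Echo f.Name
Next'''
# Same script with its variables renamed, as an identifier-renaming disguise would do.
RENAMED = re.sub(r"\bf\b", "k9", KNOWN.replace("fso", "qz1"))
# Constructed unrelated script.
UNRELATED = "Function Add(a, b)\n  Add = a + b\nEnd Function"

def compare(x, y):
    """Return (structure similarity, identifier similarity) for two scripts."""
    (sx, ix), (sy, iy) = token_profiles(x), token_profiles(y)
    return cosine(sx, sy), cosine(ix, iy)

if __name__ == "__main__":
    print("known vs renamed  :", compare(KNOWN, RENAMED))
    print("known vs unrelated:", compare(KNOWN, UNRELATED))
```

A detector that matched on identifier names would score the renamed variant as mostly different, while the structural profile still matches it exactly and stays low for the unrelated script.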

Cited By

  • (2018) Enhanced Approach to Detect Malicious VBScript Files Based on Data Mining Techniques. Procedia Computer Science 141 (552-558). DOI: 10.1016/j.procs.2018.10.127. Online publication date: 2018
  • (2017) Malicious VBScript detection algorithm based on data-mining techniques. 2017 Intl Conf on Advanced Control Circuits Systems (ACCS) Systems & 2017 Intl Conf on New Paradigms in Electronics & Information Technology (PEIT) (112-116). DOI: 10.1109/ACCS-PEIT.2017.8303028. Online publication date: Nov-2017
  • (2015) Metamorphic malware categorization using co-evolutionary algorithm. 2015 7th Conference on Information and Knowledge Technology (IKT) (1-6). DOI: 10.1109/IKT.2015.7288668. Online publication date: May-2015

Published In

SAC '13: Proceedings of the 28th Annual ACM Symposium on Applied Computing
March 2013
2124 pages
ISBN:9781450316569
DOI:10.1145/2480362
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. hybrid genetic algorithm
  2. malware detection
  3. malware disguise techniques
  4. metric-based method

Qualifiers

  • Research-article

Conference

SAC '13
March 18 - 22, 2013
Coimbra, Portugal

Acceptance Rates

SAC '13 Paper Acceptance Rate 255 of 1,063 submissions, 24%;
Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
