
A Semantic-based Malware Behavior Feature Extracting System


Abstract

Feature-based detection is the most popular approach to preventing malware today, and its detection capability depends on the feature abstraction method and the descriptive capability of the features. Current abstraction and matching methods are susceptible to obfuscation techniques and cannot cope with rapidly emerging variants. This paper implements a semantics-based malware feature extraction system. Through dynamic analysis, the system abstracts the critical behaviors of malware and the dependencies between them, and it modifies the features to resist obfuscation by taking semantic irrelevancy and semantic equivalency into account, which improves the descriptive capability of the malware features. The paper also designs a corresponding detection method to test these features. The results prove that the method improves the capability to resist obfuscation and can adapt to malware variants.
