File-Process Dependency Network and Malware Detection
In a computer system, data flows have crucial impacts on security and have recently attracted increasing research interest. This paper models and analyzes dataflow relationships from the perspective of complex networks. The authors show that the dataflow relationships, modeled as a novel system-wide dependency network, exhibit the small-world effect. Using importance ranking methods from complex-network analysis, they quantitatively estimate the relative importance of processes and files, and then use this estimate as an automatic technique to identify critical check points for malware detection. Experimental results show that the identified check points accurately match the critical steps of most malware's infection or damaging activities.
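The following is an added illustration of the pipeline the abstract describes, not code from the paper: it builds a file-process dependency network from a constructed list of read/write events, computes a mean shortest-path length (the kind of quantity one checks when looking for the small-world effect), ranks nodes with a PageRank-style importance score, and reports the top-ranked nodes as candidate monitoring check points. The abstract does not state which importance ranking method the authors use or how they orient edges; the "depends-on" edge convention (a read makes the process depend on the file, a write makes the file depend on the process), the PageRank choice, and all process and file names are assumptions made here.

```python
"""
Added example (not the paper's code): file-process dependency network,
mean path length, PageRank-style importance ranking, and top-k check points.
Edge convention and ranking method are assumptions; events are constructed.
"""
from collections import deque

# Constructed sample events: (process, operation, file). Names are illustrative.
EVENTS = [
    ("explorer.exe", "read",  "C:\\Windows\\System32\\shell32.dll"),
    ("explorer.exe", "write", "C:\\Users\\alice\\notes.txt"),
    ("notepad.exe",  "read",  "C:\\Users\\alice\\notes.txt"),
    ("svchost.exe",  "read",  "C:\\Windows\\System32\\ntdll.dll"),
    ("svchost.exe",  "write", "C:\\Windows\\System32\\config\\SYSTEM"),
    ("winlogon.exe", "read",  "C:\\Windows\\System32\\config\\SYSTEM"),
    ("winlogon.exe", "read",  "C:\\Windows\\System32\\ntdll.dll"),
    ("explorer.exe", "read",  "C:\\Windows\\System32\\ntdll.dll"),
    ("notepad.exe",  "read",  "C:\\Windows\\System32\\ntdll.dll"),
    ("updater.exe",  "read",  "C:\\Windows\\System32\\ntdll.dll"),
    ("updater.exe",  "write", "C:\\Windows\\System32\\drivers\\etc\\hosts"),
    ("browser.exe",  "read",  "C:\\Windows\\System32\\drivers\\etc\\hosts"),
    ("browser.exe",  "read",  "C:\\Windows\\System32\\ntdll.dll"),
]


def build_dependency_graph(events):
    """Directed 'depends-on' graph (assumed convention): a read makes the
    process depend on the file; a write makes the file depend on the process.
    Returns {node: set(successors)} with every node present as a key."""
    graph = {}
    for proc, op, path in events:
        graph.setdefault(proc, set())
        graph.setdefault(path, set())
        if op == "read":
            graph[proc].add(path)
        elif op == "write":
            graph[path].add(proc)
        else:
            raise ValueError(f"unknown operation: {op}")
    return graph


def pagerank(graph, damping=0.85, max_iter=200, tol=1e-12):
    """Power-iteration PageRank. Dangling nodes (no out-edges) spread their
    score uniformly over all nodes so the scores keep summing to 1."""
    nodes = sorted(graph)
    n = len(nodes)
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(max_iter):
        dangling = sum(rank[v] for v in nodes if not graph[v])
        base = (1.0 - damping) / n + damping * dangling / n
        new = {v: base for v in nodes}
        for u in nodes:
            out = graph[u]
            if out:
                share = damping * rank[u] / len(out)
                for v in out:
                    new[v] += share
        delta = sum(abs(new[v] - rank[v]) for v in nodes)
        rank = new
        if delta < tol:
            break
    return rank


def check_points(events, k=3):
    """Top-k nodes by importance score, ties broken by name for determinism.
    Heavily depended-upon nodes are where tampering would affect the most
    consumers, so they are natural places to monitor."""
    rank = pagerank(build_dependency_graph(events))
    ordered = sorted(rank, key=lambda v: (-rank[v], v))
    return [(v, rank[v]) for v in ordered[:k]]


def average_path_length(graph):
    """Mean shortest-path length over connected ordered pairs of the
    undirected version of the graph; a value that stays small relative to
    the node count is one of the signals checked for a small-world network."""
    und = {v: set() for v in graph}
    for u, outs in graph.items():
        for v in outs:
            und[u].add(v)
            und[v].add(u)
    total, pairs = 0, 0
    for src in und:
        dist = {src: 0}
        queue = deque([src])
        while queue:                      # plain BFS from src
            u = queue.popleft()
            for v in und[u]:
                if v not in dist:
                    dist[v] = dist[u] + 1
                    queue.append(v)
        for v, d in dist.items():
            if v != src:
                total += d
                pairs += 1
    return total / pairs if pairs else 0.0


if __name__ == "__main__":
    g = build_dependency_graph(EVENTS)
    print(f"{len(g)} nodes, mean path length {average_path_length(g):.2f}")
    for name, score in check_points(EVENTS, k=4):
        print(f"{score:.4f}  {name}")
```

On this constructed input the shared library that every process reads comes out far ahead of everything else, followed by the processes whose outputs other nodes depend on; the tail of the ranking (processes nothing depends on) sits at the uniform baseline. With real audit data the event list would come from file-system and process tracing rather than a hand-written list, and the ranking method could be swapped for whichever the paper's authors used.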