File-Process Dependency Network and Malware Detection

Provided by: Institute of Electrical & Electronic Engineers
Topic: Security
Format: PDF
In a computer system, data flows have crucial impacts on security and have recently attracted more and more research interests. This paper models and analyzes the dataflow relationships from the view of complex networks. The authors show that the dataflow relationships, modeled as a novel system-wide dependency network, exhibit the small-world effect. Utilizing importance ranking methods in complex networks, they quantitatively estimate the relative importance of processes and files, and then use it as an automatic technique to identify critical check points for malware detection. Experimental results show identified check points accurately match with the critical steps of most malwares' infection or damaging activities.

Find By Topic