APTMalInsight: Identify and cognize APT malware based on system call information and ontology knowledge framework
Author: | Yong Wang, Xianwei Gao, Fuquan Zhang, Weijie Han, Jingfeng Xue |
---|---|
Year of publication: | 2021 |
Subject: | Software (Operating Systems); Information Systems and Management; Computer science; Social sciences; Education; Computer Applications (Computers in Other Systems); Engineering and technology; Construct (python library); Ontology (information science); Computer security; Computer Science Applications; Theoretical Computer Science; Information Systems (General); Identification (information); Artificial Intelligence; Control and Systems Engineering; System call; Electrical engineering, electronic engineering, information engineering; Key (cryptography); Malware; Artificial intelligence & image processing; Software |
Source: | Information Sciences. 546:633-664 |
ISSN: | 0020-0255 |
DOI: | 10.1016/j.ins.2020.08.095 |
Description: | APT attacks, which are usually tailored for specific targets, pose serious threats to the security of cyberspace today. Identification and understanding of APT attacks remain a key issue for society. Attackers often use malware as the weapon with which they launch cyber-attacks. For this reason, detecting APT malware and gaining insight into its malicious behaviors strengthens the ability to understand and counteract APT attacks. Motivated by this, this paper proposes a novel APT malware detection and cognition framework named APTMalInsight, which aims to identify and cognize APT malware by leveraging system call information and ontology knowledge. We systematically study APT malware and extract dynamic system call information to describe its behavioral characteristics. Using the resulting feature vectors, APT malware can be detected and clustered into its families accurately. Furthermore, a horizontal comparison between APT malware and traditional malware is conducted from the perspective of behavior types, to understand the behavioral characteristics of APT malware in depth. On this basis, an ontology model is introduced to construct the APT malware knowledge framework that represents its typical malicious behaviors, thereby implementing the systematic cognition of APT malware and providing contextual understanding of APT attacks. The evaluation results based on real APT malware samples demonstrate that the detection and clustering accuracy can reach up to 99.28% and 98.85% respectively. In addition, APTMalInsight supplies an effective cognition framework for APT malware and enhances the capability to understand APT attacks. |
Database: | OpenAIRE |
External link: |