Netinfo Security ›› 2023, Vol. 23 ›› Issue (10): 58-63. doi: 10.3969/j.issn.1671-1122.2023.10.008


A Windows Malware Detection Method Based on Semantic Analysis

WANG Yu1, LYU Liangshuang1, XIA Chunhe1,2

  1. Beijing Key Laboratory of Network Technology, Beihang University, Beijing 100191, China
  2. Guangxi Collaborative Innovation Center of Multi-Source Information Integration and Intelligent Processing, Guilin 541004, China
  • Received: 2023-05-24 Online: 2023-10-10 Published: 2023-10-11

Abstract:

Windows malware poses a serious threat to personal, enterprise, and national security. To detect new malware effectively and analyze its working mechanism in depth, this paper proposes a Windows malware detection method based on semantic analysis. The method first uses symbolic execution to extract an API call dependency graph as the low-level behavioral feature of a program. This graph is then mapped, through pattern discovery and matching, to attack techniques in the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, so that the resulting features reflect the behavioral semantics of the malware. Finally, a support vector machine classifier is built and trained and tested with the attack technique features as its input. Experimental results indicate that the proposed method can effectively discover new malware.
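The mapping step described above, as an added illustration that is not the paper's code: a constructed API call dependency graph is matched against assumed technique patterns (ordered API chains that must appear as dependency paths; the ATT&CK technique IDs are real, the chains and the sample graph are made up here) and turned into the binary technique-presence vector that would feed a classifier.

```python
"""Map an API call dependency graph to ATT&CK technique features (illustrative, constructed data)."""
from typing import Dict, List, Set

# Constructed dependency graph: node = API name, edge = data/control dependency
# (e.g. the handle returned by OpenProcess feeds VirtualAllocEx).
SAMPLE_GRAPH: Dict[str, List[str]] = {
    "OpenProcess": ["VirtualAllocEx"],
    "VirtualAllocEx": ["WriteProcessMemory"],
    "WriteProcessMemory": ["CreateRemoteThread"],
    "CreateRemoteThread": [],
    "RegOpenKeyExA": ["RegSetValueExA"],
    "RegSetValueExA": [],
    "GetSystemInfo": [],
}

# Assumed patterns: each technique maps to one or more API chains; a chain matches when every
# consecutive pair is connected by a dependency path. Chains are illustrative, not the paper's mined ones.
TECHNIQUE_PATTERNS: Dict[str, List[List[str]]] = {
    "T1055": [["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]],
    "T1547.001": [["RegOpenKeyExA", "RegSetValueExA"]],
    "T1082": [["GetSystemInfo"]],
    "T1071": [["InternetOpenA", "InternetConnectA", "HttpSendRequestA"]],
}


def reachable(graph: Dict[str, List[str]], src: str, dst: str) -> bool:
    """Depth-first reachability from src to dst over dependency edges."""
    stack, seen = [src], set()
    while stack:
        node = stack.pop()
        if node == dst:
            return True
        if node in seen:
            continue
        seen.add(node)
        stack.extend(graph.get(node, []))
    return False


def has_chain(graph: Dict[str, List[str]], chain: List[str]) -> bool:
    """True if the chain's APIs appear in order along dependency paths (intermediate nodes allowed)."""
    return chain[0] in graph and all(reachable(graph, a, b) for a, b in zip(chain, chain[1:]))


def match_techniques(graph: Dict[str, List[str]], patterns=TECHNIQUE_PATTERNS) -> Set[str]:
    """Technique IDs whose pattern chains all occur in the graph (the semantic features)."""
    return {tid for tid, chains in patterns.items() if any(has_chain(graph, c) for c in chains)}


def feature_vector(graph: Dict[str, List[str]], patterns=TECHNIQUE_PATTERNS) -> List[int]:
    """Binary presence vector in sorted technique-ID order, the classifier input."""
    hits = match_techniques(graph, patterns)
    return [1 if tid in hits else 0 for tid in sorted(patterns)]
```

Running `feature_vector(SAMPLE_GRAPH)` on the constructed graph yields `[1, 0, 1, 1]` over the sorted IDs `T1055, T1071, T1082, T1547.001`.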

Key words: malware detection, symbolic execution, ATT&CK
