Owner based malware discrimination

Publication Type:
Journal Article
Citation:
Future Generation Computer Systems, 2018, 80 pp. 496 - 504
Issue Date:
2018-03-01
© 2016 Elsevier B.V.

A piece of malware code can be harmful in one's system but totally harmless in another's. In this paper, we point out that the detection of malicious code or software is actually a matter of discrimination that depends on the owners of the computer systems. We propose an owner-based malicious software discrimination model, named the Unlimited Register Machine of Owners (URMO). First, we characterize and analyze, in theory, the limitations of existing discrimination techniques by using the discrimination model of the Unlimited Register Machine (URM). We then construct the URMO discrimination model by specifying the two important elements of malicious behavior: an operation and the object of the operation. The relationship between an operation and the object of the operation is fundamental to solving the relativity of the discrimination problem about malice, which is also the advantage of the URMO model. Finally, by applying the model to discriminate real-world malware and comparing it with existing popular antivirus software, we demonstrate the effectiveness and superior performance of the URMO model.