Title: PBDG: a malicious code detection method based on precise behaviour dependency graph
Authors: Chenghua Tang; Mengmeng Yang; Qingze Gao; Baohua Qiang
Addresses: Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin, China, and Guangxi Key Laboratory of Cryptography and Information Security, Guilin, China; Strategic Centre for Research in Privacy-Preserving Technologies and Systems, Nanyang Technological University, Singapore; Guangxi Cloud Computing and Big Data Collaborative Innovation Centre, Guilin University of Electronic Technology, Guilin, China; Guangxi Cloud Computing and Big Data Collaborative Innovation Centre, Guilin University of Electronic Technology, Guilin, China
Abstract: Using behaviour association or dependency to detect malicious code can improve the recognition rate of malicious code. A malicious code detection method based on a precise behaviour dependency graph (PBDG) is proposed. We create a stain (taint) file index by filtering the stain source blacklist, which both saves storage space and locates instructions quickly. An active variable path verification algorithm is proposed to verify and purify the Source → Sink paths. The PBDG and its matching algorithm are constructed to identify the malicious code family of the source program. Experimental results on six data sets show the effectiveness of this method. The introduction of active variable paths reduces the number of paths that need to be traversed by 91.2% at most. For malicious code detection, especially in web applications, the method achieves good detection accuracy with a low false positive rate.
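The abstract describes three steps: indexing taint sources from a blacklist, enumerating Source → Sink paths and discarding those on which the tainted variable is no longer active, and matching the surviving dependencies against a family signature. The following Python is an added illustration of that general idea and is not the paper's PBDG implementation: it assumes a simplified program model (statement nodes with def/use sets on a control-flow graph), a constructed PHP-flavoured sample program, and constructed source/sink lists and family signatures, all labelled as such in the comments.

```python
"""Illustrative taint-path enumeration with active-variable pruning.

Added example, not the paper's code. The program model, blacklist, sink list
and family signatures below are all constructed assumptions.
"""
from itertools import product
from typing import Dict, FrozenSet, List, Set, Tuple

# Each statement is (defs, uses, called_function). Constructed sample program.
Stmt = Tuple[FrozenSet[str], FrozenSet[str], str]

PROGRAM: Dict[int, Stmt] = {
    0: (frozenset({"a"}), frozenset({"$_GET"}), ""),        # $a = $_GET['x'];
    1: (frozenset({"b"}), frozenset({"a"}), "concat"),      # $b = $a . "x";
    2: (frozenset({"a"}), frozenset(), ""),                 # $a = "safe";   (kills taint on $a)
    3: (frozenset(), frozenset({"a"}), "system"),           # system($a);
    4: (frozenset(), frozenset({"b"}), "eval"),             # eval($b);
    5: (frozenset({"c"}), frozenset({"$_POST"}), ""),       # $c = $_POST['y'];
    6: (frozenset(), frozenset({"c"}), "htmlspecialchars"), # echo htmlspecialchars($c);
}
# Control-flow graph: successors of each statement (constructed).
CFG: Dict[int, List[int]] = {0: [1], 1: [2, 4], 2: [3], 3: [5], 4: [5], 5: [6], 6: []}

SOURCE_BLACKLIST = {"$_GET", "$_POST", "$_COOKIE"}   # assumed taint sources
SINK_FUNCTIONS = {"system", "eval", "exec"}          # assumed sinks


def index_sources(program: Dict[int, Stmt]) -> List[int]:
    """Taint file index: ids of statements whose uses hit the source blacklist."""
    return sorted(n for n, (_, uses, _) in program.items() if uses & SOURCE_BLACKLIST)


def index_sinks(program: Dict[int, Stmt]) -> List[int]:
    """Ids of statements that call a sink function."""
    return sorted(n for n, (_, _, call) in program.items() if call in SINK_FUNCTIONS)


def enumerate_paths(cfg: Dict[int, List[int]], start: int, goal: int,
                    path: List[int] = None) -> List[List[int]]:
    """All simple CFG paths start -> goal: the naive path space before pruning."""
    path = [start] if path is None else path + [start]
    if start == goal:
        return [path]
    out: List[List[int]] = []
    for nxt in cfg[start]:
        if nxt not in path:
            out.extend(enumerate_paths(cfg, nxt, goal, path))
    return out


def taint_is_active(program: Dict[int, Stmt], path: List[int]) -> bool:
    """Walk one path propagating taint; True only if the sink uses a tainted variable."""
    tainted: Set[str] = set(program[path[0]][0])       # variables defined at the source
    for node in path[1:-1]:
        defs, uses, _ = program[node]
        if uses & tainted:
            tainted |= defs      # taint flows through the assignment
        else:
            tainted -= defs      # a clean redefinition kills the tainted variable
    sink_uses = program[path[-1]][1]
    return bool(sink_uses & tainted)


def verified_paths(program: Dict[int, Stmt], cfg: Dict[int, List[int]]):
    """Return (all candidate Source->Sink paths, paths surviving the active-variable check)."""
    candidates, kept = [], []
    for s, k in product(index_sources(program), index_sinks(program)):
        for p in enumerate_paths(cfg, s, k):
            candidates.append(p)
            if taint_is_active(program, p):
                kept.append(p)
    return candidates, kept


def behaviour_edges(program: Dict[int, Stmt], paths: List[List[int]]) -> Set[Tuple[str, str]]:
    """Verified Source -> Sink behaviour dependencies as (source_name, sink_call) pairs."""
    edges: Set[Tuple[str, str]] = set()
    for p in paths:
        src = next(iter(program[p[0]][1] & SOURCE_BLACKLIST))
        edges.add((src, program[p[-1]][2]))
    return edges


# Constructed family signatures: a family matches when every dependency in its
# signature is present among the program's verified behaviour edges.
FAMILY_SIGNATURES = {"webshell-eval": {("$_GET", "eval")},
                     "cmd-injection": {("$_GET", "system")}}


def match_families(edges: Set[Tuple[str, str]], signatures=FAMILY_SIGNATURES) -> List[str]:
    return sorted(name for name, sig in signatures.items() if sig <= edges)


if __name__ == "__main__":
    cands, kept = verified_paths(PROGRAM, CFG)
    print(len(cands), "candidate paths,", len(kept), "verified after pruning")
    print(match_families(behaviour_edges(PROGRAM, kept)))
```

On the sample program the naive enumeration yields two Source → Sink paths; the path through the `$a = "safe"` redefinition is dropped because `$a` is no longer tainted when `system()` is reached, so only the `$_GET` → `eval` dependency survives and is matched. The `$_POST` source is indexed but reaches no sink, which is the kind of entry the blacklist index lets a scanner skip without walking any path.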
Keywords: malicious code; stain file; path space; behaviour dependency graph; vulnerability detection.
DOI: 10.1504/IJICS.2024.137719
International Journal of Information and Computer Security, 2024, Vol. 23, No. 2, pp. 163-189
Received: 23 Jun 2022
Accepted: 08 Oct 2022
Published online: 04 Apr 2024