Title: PBDG: a malicious code detection method based on precise behaviour dependency graph

Authors: Chenghua Tang; Mengmeng Yang; Qingze Gao; Baohua Qiang

Addresses: Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin, China; Guangxi Key Laboratory of Cryptography and Information Security, Guilin, China; Strategic Centre for Research in Privacy-Preserving Technologies and Systems, Nanyang Technological University, Singapore; Guangxi Cloud Computing and Big Data Collaborative Innovation Centre, Guilin University of Electronic Technology, Guilin, China; Guangxi Cloud Computing and Big Data Collaborative Innovation Centre, Guilin University of Electronic Technology, Guilin, China

Abstract: Using behaviour association or dependency to detect malicious code can improve the recognition rate of malicious code. A malicious code detection method based on a precise behaviour dependency graph (PBDG) is proposed. We create a taint file index by filtering the taint-source blacklist, which both saves storage space and allows instructions to be located quickly. An active variable path verification algorithm is proposed to verify and purify the Source → Sink paths. The PBDG and its matching algorithm are constructed to identify the malicious code family of the source program. Experimental results on six data sets show the effectiveness of this method. The introduction of active variable paths reduces the number of paths that need to be traversed by 91.2% at most. In terms of detection effect on malicious code, especially for web applications, the method achieves good detection accuracy and a low false positive rate.

Keywords: malicious code; taint file; path space; behaviour dependency graph; vulnerability detection.

DOI: 10.1504/IJICS.2024.137719

International Journal of Information and Computer Security, 2024 Vol.23 No.2, pp.163 - 189

Received: 23 Jun 2022
Accepted: 08 Oct 2022

Published online: 04 Apr 2024