2-SPIFF: a 2-stage packer identification method based on function call graph and file attributes

2021 ◽  
Author(s):  
Hao Liu ◽  
Chun Guo ◽  
Yunhe Cui ◽  
Guowei Shen ◽  
Yuan Ping
Keyword(s):  
Call Graph ◽  
Identification Method ◽  
Function Call

A similarity metric method of obfuscated malware using function-call graph

2013 ◽  
Vol 9 (1) ◽  
pp. 35-47 ◽  
Author(s):  
Ming Xu ◽  
Lingfei Wu ◽  
Shuhui Qi ◽  
Jian Xu ◽  
Haiping Zhang ◽  
...  
Keyword(s):  
Similarity Metric ◽  
Call Graph ◽  
Function Call

scholarly journals Exploring Function Call Graph Vectorization and File Statistical Features in Malicious PE File Classification

IEEE Access ◽  
2020 ◽  
Vol 8 ◽  
pp. 44652-44660
Author(s):  
Yipin Zhang ◽  
Xiaolin Chang ◽  
Yuzhou Lin ◽  
Jelena Misic ◽  
Vojislav B. Misic
Keyword(s):  
Statistical Features ◽  
Call Graph ◽  
Function Call

scholarly journals A Malware and Variant Detection Method Using Function Call Graph Isomorphism

2019 ◽  
Vol 2019 ◽  
pp. 1-12 ◽  
Author(s):  
Jinrong Bai ◽  
Qibin Shi ◽  
Shiguang Mu
Keyword(s):  
Large Scale ◽  
Detection Method ◽  
Graph Isomorphism ◽  
Experimental Results ◽  
Call Graph ◽  
Antivirus Software ◽  
Function Call ◽  
Variant Detection ◽  
High Level ◽  
High Level Abstraction

The huge influx of malware variants are generated using packing and obfuscating techniques. Current antivirus software use byte signature to identify known malware, and this method is easy to be deceived and generally ineffective for identifying malware variants. Antivirus experts use hash signature to verify if captured sample is one of the malware databases, and this method cannot recognize malware variants whose hash signatures have changed completely. Function call graph is a high-level abstraction representation of a program and more stable and resilient than byte or hash signature. In this paper, function call graph is used as signature of a program, and two kinds of graph isomorphism algorithms are employed to identify known malware and its variants. Four experiments are designed to evaluate the performance of the proposed method. Experimental results indicate that the proposed method is effective and efficient for identifying known malware and a portion of their variants. The proposed method can also be used to index and locate a large-scale malware database and group malware to the corresponding family.

scholarly journals Android Malware Detection Based on Structural Features of the Function Call Graph

Electronics ◽  
2021 ◽  
Vol 10 (2) ◽  
pp. 186
Author(s):  
Yang Yang ◽  
Xuehui Du ◽  
Zhi Yang ◽  
Xing Liu
Keyword(s):  
Malware Detection ◽  
Structural Features ◽  
Coarse Grained ◽  
Detection Methods ◽  
Convolutional Network ◽  
Android Malware ◽  
Call Graph ◽  
Android Apps ◽  
Android Malware Detection ◽  
Function Call

The openness of Android operating system not only brings convenience to users, but also leads to the attack threat from a large number of malicious applications (apps). Thus malware detection has become the research focus in the field of mobile security. In order to solve the problem of more coarse-grained feature selection and larger feature loss of graph structure existing in the current detection methods, we put forward a method named DGCNDroid for Android malware detection, which is based on the deep graph convolutional network. Our method starts by generating a function call graph for the decompiled Android application. Then the function call subgraph containing the sensitive application programming interface (API) is extracted. Finally, the function call subgraphs with structural features are trained as the input of the deep graph convolutional network. Thus the detection and classification of malicious apps can be realized. Through experimentation on a dataset containing 11,120 Android apps, the method proposed in this paper can achieve detection accuracy of 98.2%, which is higher than other existing detection methods.

scholarly journals Generation and Visualization of Static Function Call Graph for Large C Codebases

2021 ◽  
Vol 10 (6) ◽  
pp. 1-6
Author(s):  
Sourabh S Badhya ◽  
◽  
Shobha G ◽  
Keyword(s):  
Software Development ◽  
Static Analysis ◽  
Software Systems ◽  
Call Graph ◽  
Analysis Methods ◽  
Development Lifecycle ◽  
Function Call ◽  
Software Development Lifecycle ◽  
The Many

As software systems evolve, there is a growing concern on how to manage and maintain a large codebase and fully understand all the modules present in it. Developers spend a significant amount of time analyzing dependencies before making any changes into codebases. Therefore, there is a growing need for applications which can easily make developers comprehend dependencies in large codebases. These applications must be able to analyze large codebases and must have the ability to identify all the dependencies, so that new developers can easily analyze the codebase and start making changes in short periods of time. Static analysis provides a means of analyzing dependencies in large codebases and is an important part of software development lifecycle. Static analysis has been proven to be extremely useful over the years in their ability to comprehend large codebases. Out of the many static analysis methods, this paper focuses on static function call graph (SFCG) which represents dependencies between functions in the form of a graph. This paper illustrates the feasibility of many tools which generate SFCG and locks in on Doxygen which is extremely reliant for large codebases. The paper also discusses the optimizations, issues and its corresponding solutions for Doxygen. Finally, this paper presents a way of representing SFCG which is easier to comprehend for developers.

The Determination of the Uniqueness of Polymorphism in C++

2013 ◽  
Vol 336-338 ◽  
pp. 2157-2163
Author(s):  
Meng Ting Liu ◽  
Yong Min Mu ◽  
Wei Na Dong ◽  
Bin Fan ◽  
Li Ni Ma
Keyword(s):  
Source Code ◽  
Object Oriented ◽  
Control Logic ◽  
Dynamic Binding ◽  
Call Graph ◽  
Function Call ◽  
Path Coverage ◽  
Testing Cost ◽  
The One

The polymorphism is the one of the main features of the object oriented program. The compiler determines the uniqueness of polymorphism by dynamic binding. In a static source code, there will be one function calling point corresponding to several called functions. As the consequence, there will be many redundant function calling paths. It is the key to improve the efficiency of the path coverage test based function call graph with control logic determining the uniqueness of polymorphism. This paper analyzes the feature of the polymorphism in C++ and proposes an algorithm to determine the uniqueness of polymorphism statically in C++. The algorithm can find the unique called function from the several called functions without running the program. The result shows that the algorithm can obtain the unique called function correctly and eliminate the redundant paths. It improves the testing efficiency and reduces the testing cost.

Sign in / Sign up

Export Citation Format

Share Document