IIT Home Page CNR Home Page

A Fuzzy-based Process Mining Approach for Dynamic Malware Detection

Mobile systems have become essential for communication and productivity but are also becoming target of continuous malware attacks. New malware are often obtained as variants ofexisting malicious code. This work describes an approach for dynamic malware detection based on the combination of Process Mining (PM) and Fuzzy Logic (FL) techniques. The firsts are used to characterize the behavior of an application identifying some recurring execution expressed as a set of declarativeconstraints between the system calls. Fuzzy logic is used to classify the analyzed malware applications and verify their relations with the existing malware variants. The combination of the two techniques allows to obtain a fingerprint of an application that is used to verify its maliciousness/trustfulness, establish if it belongs from a known malware family and identify the differences between the detected malware behavior and the other variants of the some malware family. The approach is applied on a dataset of 3000 trusted and malicious applications across twelve malware families and has shown a very good discrimination ability that can be exploited for malware detection and family identification.

IEEE International Conference on Fuzzy Systems, Napoli, 2017

Autori esterni: Mario Luca Bernardi (Università degli Studi Giustino Fortunato), Marta Cimitile (Università degli Studi di Roma Unitelma Sapienza)
Autori IIT:

Tipo: Contributo in atti di convegno
Area di disciplina: Computer Science & Engineering

File: fuzzy-based-process.pdf

Attività: Sicurezza di dispositivi mobili