Owner based malware discrimination

Han, L; Liu, S; Han, S; Jia, W; Lei, J

Owner based malware discrimination

Han, L Liu, S Han, S Jia, W

Lei, J

Permalink

Publication Type:: Journal Article
Citation:: Future Generation Computer Systems, 2018, 80 pp. 496 - 504
Issue Date:: 2018-03-01

Closed Access

	Filename	Description	Size
	20171203_FGCS2018_Han_published paper.pdf	Published Version	687.45 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Han, L	en_US
dc.contributor.author	Liu, S	en_US
dc.contributor.author	Han, S	en_US
dc.contributor.author	Jia, W https://orcid.org/0000-0002-0940-3338	en_US
dc.contributor.author	Lei, J	en_US
dc.date.issued	2018-03-01	en_US
dc.identifier.citation	Future Generation Computer Systems, 2018, 80 pp. 496 - 504	en_US
dc.identifier.issn	0167-739X	en_US
dc.identifier.uri	http://hdl.handle.net/10453/130928
dc.description.abstract	© 2016 Elsevier B.V. A piece of malware code can be harmful in one's system but totally harmless in another's. In this paper, we point out that the detection of malicious code or software is actually a matter of discrimination which depends on the owners of the computer systems. We propose an owner based malicious software discrimination model, named as Unlimited Register Machine of Owners (URMO). First, we characterize and analyze the limitations of existing discrimination techniques in theory by using the discrimination model of Unlimited Register Machine (URM) and then move on to construct the URMO discrimination model by giving the two important elements of malicious behavior: an operation and the object of the operation. The relationship between an operation and the object of the operation is fundamental to solving the relativity of the discrimination problem about malice, which is also the advantage of the URMO model. Finally, by applying the model to discriminate real-world malware and comparing it with existing popular antivirus software, we demonstrate the effectiveness and superior performance of the URMO model.	en_US
dc.relation.ispartof	Future Generation Computer Systems	en_US
dc.relation.isbasedon	10.1016/j.future.2016.05.020	en_US
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject.classification	Distributed Computing	en_US
dc.title	Owner based malware discrimination	en_US
dc.type	Journal Article
utslib.citation.volume	80	en_US
utslib.for	0805 Distributed Computing	en_US
utslib.for	0806 Information Systems	en_US
utslib.for	0803 Computer Software	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
pubs.organisational-group	/University of Technology Sydney/Strength - GBDTC - Global Big Data Technologies
utslib.copyright.status	closed_access	*
pubs.publication-status	Published	en_US
pubs.volume	80	en_US

Abstract:

© 2016 Elsevier B.V. A piece of malware code can be harmful in one's system but totally harmless in another's. In this paper, we point out that the detection of malicious code or software is actually a matter of discrimination which depends on the owners of the computer systems. We propose an owner based malicious software discrimination model, named as Unlimited Register Machine of Owners (URMO). First, we characterize and analyze the limitations of existing discrimination techniques in theory by using the discrimination model of Unlimited Register Machine (URM) and then move on to construct the URMO discrimination model by giving the two important elements of malicious behavior: an operation and the object of the operation. The relationship between an operation and the object of the operation is fundamental to solving the relativity of the discrimination problem about malice, which is also the advantage of the URMO model. Finally, by applying the model to discriminate real-world malware and comparing it with existing popular antivirus software, we demonstrate the effectiveness and superior performance of the URMO model.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/130928