Mining malicious behavioural patterns

Most malware producers bypass signature-based detections through obfuscation techniques. Therefore, in order to provide proactive and real-time protection, the researchers have begun to develop strategies for behaviour-based detection. Despite of being a popular and promising non-deterministic solution to detect various forms of malware families, behavioural modelling techniques suffer from relatively high false positive rate in malware detection. To overcome this problem, the authors shall seek for identifying patterns, representing malicious intent in all instances of a malware family. In this study, they propose a new technique based on discriminative graph mining techniques to identify discriminative subgraphs. The subgraphs represent behavioural patterns in each malware family. Their evaluation results demonstrate an average of 91% accuracy in detection of malicious programme behaviours, with no false positive.