
Object-semantics based malware detection method.

Authors :
REN Li
PAN Xiao-zhong
Source :
Application Research of Computers / Jisuanji Yingyong Yanjiu. Oct2013, Vol. 30 Issue 10, p3106-3113. 5p.
Publication Year :
2013

Abstract

Malware variants pose a big threat to the security of information systems. To detect variants of malicious codes effectively, through dynamic monitoring and parsing of system calls and parameters, this paper related different object operations to the same object, and constructed the object state changing graph. Then it processed the object state changing graph by an anti-obfuscation method to acquire the anti-interference behavior signatures graph of malware. Finally, it detected unknown codes based on the behavior signatures graph. As the results of the experiments show, the method can effectively resist interference such as the rearrangement of malicious codes and the insertion of useless system calls. It has a low false negative rate in detecting normal programs and has a good result in detecting variants of malicious codes. [ABSTRACT FROM AUTHOR]

Details

Language :
Chinese
ISSN :
10013695
Volume :
30
Issue :
10
Database :
Academic Search Index
Journal :
Application Research of Computers / Jisuanji Yingyong Yanjiu
Publication Type :
Academic Journal
Accession number :
95443907
Full Text :
https://doi.org/10.3969/j.issn.1001-3695.2013.10.055