2012年
A Malware Classification Method based on Similarity of Function Structure
2012 IEEE/IPSJ 12TH INTERNATIONAL SYMPOSIUM ON APPLICATIONS AND THE INTERNET (SAINT)
- ,
- ,
- 開始ページ
- 256
- 終了ページ
- 261
- 記述言語
- 英語
- 掲載種別
- 研究論文(国際会議プロシーディングス)
- DOI
- 10.1109/SAINT.2012.48
- 出版者・発行元
- IEEE
Malicious software (Malware) in form of Internet worms, computer viruses, and trojan horses poses a major threat to the security of network systems. Identification of malware variants provides great benefit in early detection. Taking into account that variants of malware families share similar functions reflecting its origin and purpose, we propose a method focusing on the features of functions that a malware program consists of. In our method, the feature database is created based on the analysis of known malware programs, and functions in unknown programs are compared to the content of the database to determine the program belong to what family. To decrease the cost of the calculation of similarity, we use a filtering algorithm based on one-class SVM to filter out functions which have small influence in determining the family. We evaluated the approach using 32 categorized malware samples and 113 malware samples to be classified. In the experiment, it is shown that our approach effectively reduce the time for calculation while the accuracy is not deteriorated too much.
- リンク情報
- ID情報
-
- DOI : 10.1109/SAINT.2012.48
- Web of Science ID : WOS:000312495400039