Malware visualization and automatic classification with enhanced information density

Cited by: 0
Authors
Liu Y. [1, 2]
Wang Z. [1]
Hou Y. [3]
Yan H. [4]
Affiliations
[1] School of Computer and Information Technology, Beijing Jiaotong University, Beijing
[2] School of Electrical and Information Engineering, Beijing University of Civil Engineering and Architecture, Beijing
[3] Institute of Network Technology, Beijing University of Posts and Telecommunication, Beijing
[4] National Computer Network Emergency Response Technical Team, Coordination Center of China, Beijing
Source
Qinghua Daxue Xuebao/Journal of Tsinghua University | 2019 / Vol. 59 / No. 01
Keywords
Image texture; Malware visualization; SimHash
DOI
10.16511/j.cnki.qhdxxb.2018.22.054
Abstract
The development of computers and networking has been accompanied by exponential increases in the amount of malware, which greatly threatens cyberspace applications. This study combines the reverse analysis of malicious code with a visualization method, visualizing operating code sequences extracted from the ".text" section of portable and executable (PE) files. This method not only improves the efficiency of malware, but also solves the difficulty of SimHash similarity measurements. Tests show that this method identifies more effective features with higher information densities. This method is more efficient and has better classification accuracy than traditional malware visualization methods. © 2019, Tsinghua University Press. All rights reserved.
Pages: 9 / 14
Number of pages: 5