Research on malicious code variants detection based on texture fingerprint

Cited by: 8
Authors
Han, Xiao-Guang [1 ]
Qu, Wu [2 ,3 ]
Yao, Xuan-Xia [1 ]
Guo, Chang-You [1 ]
Zhou, Fang [1 ]
Affiliations
[1] School of Computer & Communication Engineering, University of Science & Technology Beijing, Beijing
[2] Core Research Institute, Beijing Venustech Cybervision Co. Ltd., Beijing
[3] Department of Computer Science and Technology, Tsinghua University, Beijing
Source
Journal on Communications (Editorial Board of Journal on Communications), Vol. 35
Funding
National Natural Science Foundation of China
Keywords
Malware variants detection; Network security; Spatial similarity retrieval; Texture fingerprint;
DOI
10.3969/j.issn.1000-436x.2014.08.016
Abstract
A texture-fingerprint-based approach is proposed for extracting features from malware content and detecting malware variants. The texture fingerprint of a malware sample is the set of texture fingerprints of the blocks of its uncompressed gray-scale image. Combining image analysis techniques with malicious code variant detection, the malicious code is mapped to an uncompressed gray-scale image, which is partitioned into blocks by a texture segmentation algorithm. The texture fingerprint of each image block is extracted with the gray-level co-occurrence matrix algorithm. An index structure over texture fingerprints is then built from a statistical analysis of the texture fingerprints of malicious code samples. In the detection phase, following the generation policy for malicious code texture fingerprints, a prototype system for texture fingerprint extraction and detection is built; it applies an integrated weight method to multi-segment texture fingerprint similarity matching in order to detect variants and unknown malicious code. Experimental results show that the malware variant detection system based on the proposed approach performs well not only in speed and accuracy but also in identifying malware variants.
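The pipeline the abstract describes (bytes mapped to a gray-scale image, blocks, gray-level co-occurrence matrix statistics per block, weighted similarity over blocks) as an added illustration, not the paper's own code or prototype; the fixed image width, 16 gray levels, fixed-height blocks in place of the paper's texture segmentation, equal feature weights and the sample byte strings are all assumptions made here.

```python
"""Sketch of the abstract's pipeline: bytes -> gray-scale image -> blocks ->
GLCM texture fingerprint -> weighted block similarity. Added example, not the
paper's code; width, gray levels, block height and weights are assumptions."""
from collections import Counter

LEVELS = 16                                   # gray levels after quantization (assumed)
WEIGHTS = {"contrast": 1 / 3, "energy": 1 / 3, "homogeneity": 1 / 3}  # assumed

def bytes_to_image(data, width=32):
    """Map raw bytes to rows of 8-bit pixels; the last row is zero-padded."""
    pixels = list(data) + [0] * ((-len(data)) % width)
    return [pixels[i:i + width] for i in range(0, len(pixels), width)]

def glcm(block, levels=LEVELS):
    """Normalised, symmetric gray-level co-occurrence matrix, offset (0, 1)."""
    counts = Counter()
    for row in block:
        q = [p * levels // 256 for p in row]          # 0..255 -> 0..levels-1
        for a, b in zip(q, q[1:]):
            counts[(a, b)] += 1
            counts[(b, a)] += 1
    total = sum(counts.values()) or 1
    return {pair: n / total for pair, n in counts.items()}

def texture_features(P, levels=LEVELS):
    """Three Haralick-style GLCM statistics, each scaled into [0, 1]."""
    contrast = sum(p * (i - j) ** 2 for (i, j), p in P.items()) / (levels - 1) ** 2
    energy = sum(p * p for p in P.values())
    homogeneity = sum(p / (1 + abs(i - j)) for (i, j), p in P.items())
    return {"contrast": contrast, "energy": energy, "homogeneity": homogeneity}

def fingerprint(data, width=32, block_rows=8):
    """Texture fingerprint: one feature vector per block of the byte image."""
    img = bytes_to_image(data, width)
    return [texture_features(glcm(img[r:r + block_rows]))
            for r in range(0, len(img), block_rows)]

def similarity(fp_a, fp_b, weights=WEIGHTS):
    """Weighted per-block similarity averaged over blocks; unmatched blocks score 0."""
    scores = [1 - sum(w * abs(fa[k] - fb[k]) for k, w in weights.items())
              for fa, fb in zip(fp_a, fp_b)]
    return sum(scores) / max(len(fp_a), len(fp_b), 1)

# Constructed stand-ins for binaries: a base, a lightly patched variant, unrelated bytes.
BASE = bytes(range(256)) * 4
VARIANT = bytes(b ^ 0x20 if i % 23 == 0 else b for i, b in enumerate(BASE))
OTHER = bytes((i * 97) % 256 for i in range(len(BASE)))

if __name__ == "__main__":
    base_fp = fingerprint(BASE)
    print(similarity(base_fp, fingerprint(VARIANT)), similarity(base_fp, fingerprint(OTHER)))
```

The patched variant scores close to 1 against the base while the unrelated bytes score well below it, which is the ordering a fingerprint index would rank on; a real system would replace the fixed block height with the texture segmentation the paper describes.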
Pages: 125 / 136
Page count: 11