Instruction Frequency-based Malware Classification Method

Cited by: 0
Authors
Han, Kyoung Soo [3]
Kim, Sung-Ryul [2]
Im, Eul Gyu [1]
Affiliations
[1] Hanyang Univ, Div Comp Sci & Engn, Seoul 133791, South Korea
[2] Konkuk Univ, Div Internet & Media, Seoul 143701, South Korea
[3] Hanyang Univ, Dept Elect & Comp Engn, Seoul 133791, South Korea
Source
INFORMATION-AN INTERNATIONAL INTERDISCIPLINARY JOURNAL | 2012 / Vol. 15 / No. 07
Funding
National Research Foundation of Singapore;
Keywords
Malware analysis; Malware classification; Instruction frequencies;
DOI
Not available
Chinese Library Classification number
T [Industrial Technology];
Discipline classification code
08;
Abstract
Developing variants of malware is a common and effective method of avoiding the signature detection of antivirus programs. Malware analysis and signature abstraction are essential technologies when it comes to updating the detection signature database for malware detection. Since most malware binary analysis processes are performed manually, malware binary analysis is a time-consuming job. Therefore, efficient malware classification can be used to speed up such analysis. As malware variants of the same malware family may share a portion of their binary code, the sequences of instructions may be similar, or even identical. In this paper, we propose a malware classification method that uses instruction frequencies. The experimental results show that there are clear distinctions among malware and normal programs.
Pages: 2973-2983
Number of pages: 11