Structural Classification and Similarity Measurement of Malware

被引：4

作者：

Shi, Hongbo ^{[1
]}

Hamagami, Tomoki ^{[2
]}

Yoshioka, Katsunari ^{[2
]}

Xu, Haoyuan ^{[3
]}

Tobe, Kazuhiro ^{[4
]}

Goto, Shigeki ^{[4
]}

机构：

[1] Tokyo Metropolitan Univ, Lib & Informat Acad Ctr, Hachioji, Tokyo 1920397, Japan

[2] Yokohama Natl Univ, Div Elect & Comp Engn, Fac Engn, Hodogaya Ku, Yokohama, Kanagawa 2408501, Japan

[3] Yokohama Natl Univ, Informat Technol Serv Ctr, Hodogaya Ku, Yokohama, Kanagawa 2408501, Japan

[4] Waseda Univ, Grad Sch Fundamental Sci & Engn, Fac Sci & Engn, Shinjuku Ku, Tokyo 1698555, Japan

来源：

IEEJ TRANSACTIONS ON ELECTRICAL AND ELECTRONIC ENGINEERING | 2014年 / 9卷 / 06期

关键词：

malware; classification; dynamic link library; GHSOM; tree structure; relationship;

D O I：

10.1002/tee.22018

中图分类号：

TM [电工技术]; TN [电子技术、通信技术];

学科分类号：

0808 ; 0809 ;

摘要：

This paper proposes a new lightweight method that utilizes the growing hierarchical self-organizing map (GHSOM) for malware detection and structural classification. It also shows a new method for measuring the structural similarity between classes. A dynamic link library (DLL) file is an executable file used in the Windows operating system that allows applications to share codes and other resources to perform particular tasks. In this paper, we classify different malware by the data mining of the DLL files used by the malware. Since the malware families are evolving quickly, they present many new problems, such as how to link them to other existing malware families. The experiment shows that our GHSOM-based structural classification can solve these issues and generate a malware classification tree according to the similarity of malware families. (c) 2014 Institute of Electrical Engineers of Japan. Published by John Wiley & Sons, Inc.

引用

页码：621 / 632

页数：12

共 50 条

[1] Kernel Machines for Malware Classification and Similarity Analysis
Shankarapani, M.
Kancherla, K.
Ramammoorthy, S.
Movva, R.
Mukkamala, S.
[J]. 2010 INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS IJCNN 2010, 2010,
[2] Classification of Malware Using Visualisation of Similarity Matrices
Venkatraman, Sitalakshmi
Alazab, Mamoun
[J]. 2017 CYBERSECURITY AND CYBERFORENSICS CONFERENCE (CCC), 2017, : 3 - 8
[3] A Malware Classification Method based on Similarity of Function Structure
Zhong, Yang
Yamaki, Hirofumi
Takakura, Hiroki
[J]. 2012 IEEE/IPSJ 12TH INTERNATIONAL SYMPOSIUM ON APPLICATIONS AND THE INTERNET (SAINT), 2012, : 256 - 261
[4] Computational Intelligent Techniques and Similarity Measures for Malware Classification
Shankarpani, M. K.
Kancherla, K.
Movva, R.
Mukkamala, S.
[J]. COMPUTATIONAL INTELLIGENCE FOR PRIVACY AND SECURITY, 2012, 394 : 215 - 236
[5] Discriminant Malware Distance Learning on Structural Information for Automated Malware Classification
Kong, Deguang
Yan, Guanhua
[J]. 19TH ACM SIGKDD INTERNATIONAL CONFERENCE ON KNOWLEDGE DISCOVERY AND DATA MINING (KDD'13), 2013, : 1357 - 1365
[6] Enhancing Malware Classification via Self-Similarity Techniques
Zhong, Fangtian
Hu, Qin
Jiang, Yili
Huang, Jiaqi
Zhang, Cheng
Wu, Dinghao
[J]. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2024, 19 : 7232 - 7244
[7] Malware Similarity Measurement Method Based on Multiplex Heterogeneous Graph
Gu, Yong-Hao
Wang, Yi-Fei
Liu, Wei-Xin
Wu, Tie-Jun
Meng, Guo-Zhu
[J]. Ruan Jian Xue Bao/Journal of Software, 2023, 34 (07): : 3188 - 3205
[8] Measurement of molecular structural similarity
Pope, Sarah A.
Erickson, Mark S.
[J]. ABSTRACTS OF PAPERS OF THE AMERICAN CHEMICAL SOCIETY, 2014, 247
[9] Combined kNN Classification and Hierarchical Similarity Hash for Fast Malware Detection
Choi, Sunoh
[J]. APPLIED SCIENCES-BASEL, 2020, 10 (15):
[10] Malware Detection and Classification Based on n-grams Attribute Similarity
Zhang Fuyong
Zhao Tiezhou
[J]. 2017 IEEE INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND ENGINEERING (CSE) AND IEEE/IFIP INTERNATIONAL CONFERENCE ON EMBEDDED AND UBIQUITOUS COMPUTING (EUC), VOL 1, 2017, : 793 - 796

← 1 2 3 4 5 →