Structural Classification and Similarity Measurement of Malware

Cited by: 4
Authors
Shi, Hongbo [1 ]
Hamagami, Tomoki [2 ]
Yoshioka, Katsunari [2 ]
Xu, Haoyuan [3 ]
Tobe, Kazuhiro [4 ]
Goto, Shigeki [4 ]
Affiliations
[1] Tokyo Metropolitan Univ, Lib & Informat Acad Ctr, Hachioji, Tokyo 1920397, Japan
[2] Yokohama Natl Univ, Div Elect & Comp Engn, Fac Engn, Hodogaya Ku, Yokohama, Kanagawa 2408501, Japan
[3] Yokohama Natl Univ, Informat Technol Serv Ctr, Hodogaya Ku, Yokohama, Kanagawa 2408501, Japan
[4] Waseda Univ, Grad Sch Fundamental Sci & Engn, Fac Sci & Engn, Shinjuku Ku, Tokyo 1698555, Japan
Keywords
malware; classification; dynamic link library; GHSOM; tree structure; relationship;
DOI
10.1002/tee.22018
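Chinese Library Classification
TM [Electrical engineering]; TN [Electronic technology, communication technology];
Discipline classification code
0808 ; 0809 ;
Abstract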
This paper proposes a new lightweight method that utilizes the growing hierarchical self-organizing map (GHSOM) for malware detection and structural classification. It also shows a new method for measuring the structural similarity between classes. A dynamic link library (DLL) file is an executable file used in the Windows operating system that allows applications to share code and other resources to perform particular tasks. In this paper, we classify different malware by data mining the DLL files used by the malware. Since malware families are evolving quickly, they present many new problems, such as how to link them to other existing malware families. The experiment shows that our GHSOM-based structural classification can solve these issues and generate a malware classification tree according to the similarity of malware families. (c) 2014 Institute of Electrical Engineers of Japan. Published by John Wiley & Sons, Inc.
Pages: 621 - 632
Page count: 12