Polymorphic malware detection using topological feature extraction with data mining

Authors: James B. Fraley, Marco Figueroa

DOI: 10.1109/SECON.2016.7506685

Keywords: Hidden Markov model, Topology, Belief propagation, Artificial intelligence, Machine learning, Cluster analysis, Malware, False positive paradox, Data mining, Computer science, Feature extraction, Signature (logic), The Internet

Abstract: In just a few short years, the number of polymorphic and metamorphic malware samples seen in the wild has grown exponentially, and automated detection apparatus, which is largely signature-based, finds itself virtually useless against these new types of attacks. New methods are needed in order to better defend networks, protect data and preserve overall internet operations. This paper offers a novel approach to extract, analyze and combine multiple high-level factors to determine whether files are "malicious or benign". These include file characteristics, internal properties and dynamic run-time relationships. It presents a unique approach leveraging topological examination using static analysis. Belief Propagation (BP) is achieved through data mining techniques to uncover and spotlight malicious files. The proposed approach directly captures file properties and can therefore identify malicious files with impressive detection rates (.9999) and low false positives (.0001). It should prove to be faster than a large reputation database and performs well with small sample sizes.

References (26)
Nikos Karampatziakis, Jack W. Stokes, Anil Thomas, Mady Marinescu. Using file relationships in malware classification. International Conference on Detection of Intrusions and Malware and Vulnerability Assessment, pp. 1-20 (2012). doi:10.1007/978-3-642-37300-8_1
Roberto Perdisci, David Dagon, Manos Antonakakis, Nick Feamster, Wenke Lee. Building a dynamic reputation system for DNS. USENIX Security Symposium, pp. 18-18 (2010).
Piotr Indyk, Aristides Gionis, Rajeev Motwani. Similarity Search in High Dimensions via Hashing. Very Large Data Bases, pp. 518-529 (1999).
Sandeep Bhatkar, Kang G. Shin, Kent Griffin, Xin Hu. MutantX-S: scalable malware clustering based on static features. USENIX Annual Technical Conference, pp. 187-198 (2013).
Konrad Rieck, Thorsten Holz, Carsten Willems, Patrick Düssel, Pavel Laskov. Learning and Classification of Malware Behavior. International Conference on Detection of Intrusions and Malware and Vulnerability Assessment, pp. 108-125 (2008). doi:10.1007/978-3-540-70542-0_6
Ulrich Bayer, Paolo Milani Comparetti, Clemens Hlauschek, Christopher Kruegel, Engin Kirda. Scalable, behavior-based malware clustering. Network and Distributed System Security Symposium (2009).
Mordehai Guri, Gabi Kedma, Tom Sela, Buky Carmeli, Amit Rosner, Yuval Elovici. Noninvasive detection of anti-forensic malware. International Conference on Malicious and Unwanted Software, pp. 1-10 (2013). doi:10.1109/MALWARE.2013.6703679
Moses S. Charikar. Similarity estimation techniques from rounding algorithms. Symposium on the Theory of Computing, pp. 380-388 (2002). doi:10.1145/509907.509965
Jonathan S. Yedidia, Yair Weiss, William T. Freeman. Understanding belief propagation and its generalizations. Exploring Artificial Intelligence in the New Millennium, pp. 239-269 (2003).
Yanfang Ye, Tao Li, Shenghuo Zhu, Weiwei Zhuang, Egemen Tas, Umesh Gupta, Melih Abdulhayoglu. Combining file content and file relations for cloud based malware detection. Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD '11), pp. 222-230 (2011). doi:10.1145/2020408.2020448