Journal: Digital Investigation
Multinomial malware classification via low-level features
Abstract

Because malicious software ("malware") is so frequently used in cyber crime, malware detection and the related research have become a serious issue in the information security landscape. However, an appropriate defense and post-attack response require that malware not only be detected, but also categorized according to its functionality. It comes as no surprise that more and more malware is now built with the intent of evading detection and analysis. Despite sophisticated obfuscation, encryption, and anti-debugging techniques, malware cannot avoid executing on hardware, so hardware ("low-level") activity is a promising source of features. In this paper, we study the applicability of low-level features for multinomial malware classification. This research is a logical continuation of a previously published paper (Banin et al., 2016), which showed that memory access patterns can be successfully used for malware detection. In this research we use memory access patterns to distinguish between 10 malware families and 10 malware types. In the results, we show that our method works better for classifying malware into families than into types, and we analyze the results in detail. With satisfactory classification accuracy, we show that thorough feature selection can reduce data dimensionality by a magnitude of 3 without significant loss in classification performance. (C) 2018 The Author(s). Published by Elsevier Ltd on behalf of DFRWS.