A similarity metric method of obfuscated malware using function-call graph

Ming Xu; Lingfei Wu; Shuhui Qi; Jian Xu; Haiping Zhang; Yizhi Ren; Ning Zheng

首页> 外文期刊>Journal of Computer Virology and Hacking Techniques >A similarity metric method of obfuscated malware using function-call graph

【24h】

A similarity metric method of obfuscated malware using function-call graph

机译：使用函数调用图的模糊恶意软件相似度度量方法

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Code obfuscating technique plays a significant role to produce new obfuscated malicious programs, generally called malware variants, from previously encountered malwares. However, the traditional signature-based malware detecting method is hard to recognize the up-to-the-minute obfuscated malwares. This paper proposes a method to identify the malware variants based on the function-call graph. Firstly, the function-call graphs were created from the disassembled codes of program; then the caller–callee relationships of functions and the operational code (opcode) information about functions, combining the graph coloring techniques were used to measure the similarity metric between two function-call graphs; at last, the similarity metric was utilized to identify the malware variants from known malwares. The experimental results show that the proposed method is able to identify the obfuscated malicious softwares effectively.

机译：代码混淆技术在从先前遇到的恶意软件中产生新的混淆的恶意程序（通常称为恶意软件变体）方面发挥着重要作用。但是，传统的基于签名的恶意软件检测方法很难识别最新的混淆软件。本文提出了一种基于功能调用图的恶意软件变种识别方法。首先，从反汇编的程序代码创建函数调用图；然后使用函数的调用者与被调用者之间的关系以及有关函数的操作代码（操作码）信息，结合图着色技术来测量两个函数调用图之间的相似性度量；最后，利用相似性度量从已知恶意软件中识别出恶意软件变体。实验结果表明，该方法能够有效识别被混淆的恶意软件。

著录项

来源
《Journal of Computer Virology and Hacking Techniques》 |2013年第1期|35-47|共13页
作者
Ming Xu; Lingfei Wu; Shuhui Qi; Jian Xu; Haiping Zhang; Yizhi Ren; Ning Zheng;
展开▼
作者单位

College of Computer Hangzhou Dianzi University">(1);

College of Computer Hangzhou Dianzi University">(1);

College of Computer Hangzhou Dianzi University">(1);

College of Computer Hangzhou Dianzi University">(1);

College of Computer Hangzhou Dianzi University">(1);

College of Computer Hangzhou Dianzi University">(1);

College of Computer Hangzhou Dianzi University">(1);

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词

相似文献

外文文献
中文文献
专利

1. A similarity metric method of obfuscated malware using function-call graph [J] . Ming Xu, Lingfei Wu, Shuhui Qi, Journal in computer virology . 2013,第1期

机译：使用函数调用图的模糊恶意软件相似度度量方法
2. Graph Similarity Metric Using Graph Convolutional Network: Application to Malware Similarity Match [J] . Bing-lin ZHAO, Fu-dong LIU, Zheng SHAN, IEICE transactions on information and systems . 2019,第8期

机译：使用图卷积网络的图相似度量：在恶意软件相似匹配中的应用
3. Obfuscation-based malware update: A comparison of manual and automated methods [J] . Barría Cristian, Cordero David, Cubillos Claudio, International journal of computers, communications & control . 2017,第4期

机译：基于混淆的恶意软件更新：手动方法与自动方法的比较
4. Detecting malware variants via function-call graph similarity [C] . Proceedings of the 5th International Conference on Malicious and Unwanted Software . 2010

机译：通过功能调用图相似性检测恶意软件变体
5. Text based similarity metrics and delta for semantic web graphs . [D] . Koduvayur Viswanathan, Krishnamurthy. 2010

机译：基于文本的语义Web图的相似度量和增量。
6. Detecting and classifying method based on similarity matching of Android malware behavior with profile [O] . Jae-wook Jang, Jaesung Yun, Aziz Mohaisen, -1

机译：基于Android恶意软件行为与配置文件相似度匹配的检测分类方法
7. Graph Similarity Metric Using Graph Convolutional Network: Application to Malware Similarity Match [O] . Bing-lin ZHAO, Fu-dong LIU, Zheng SHAN, 2019

机译：图形相似度指标使用图形卷积网络：应用于恶意软件相似性匹配
8. Metric Similarity in Vegetation-Based Wetland Assessment Methods. [R] . Mack, J. J., Kentula, M. E. 2010

机译：基于植被的湿地评价方法的度量相似性。

A similarity metric method of obfuscated malware using function-call graph

摘要

著录项

相似文献

相关主题

期刊订阅