
Mal-Netminer: Malware Classification Approach Based on Social Network Analysis of System Call Graph


Abstract

As the security landscape evolves over time, where thousands of species of malicious codes are seen every day, antivirus vendors strive to detect and classify malware families for efficient and effective responses against malware campaigns. To enrich this effort and by capitalizing on ideas from the social network analysis domain, we build a tool that can help classify malware families using features driven from the graph structure of their system calls. To achieve that, we first construct a system call graph that consists of system calls found in the execution of the individual malware families. To explore distinguishing features of various malware species, we study social network properties as applied to the call graph, including the degree distribution, degree centrality, average distance, clustering coefficient, network density, and component ratio. We utilize features driven from those properties to build a classifier for malware families. Our experimental results show that "influence-based" graph metrics such as the degree centrality are effective for classifying malware, whereas the general structural metrics of malware are less effective for classifying malware. Our experiments demonstrate that the proposed system performs well in detecting and classifying malware families within each malware class with accuracy greater than 96%.

Bibliographic details

  • Source
    Mathematical Problems in Engineering | 2015, Issue 18 | 769624.1-769624.20 | 20 pages
  • Author affiliations

    Korea Univ, Grad Sch Informat Secur, Seoul 136713, South Korea.;

    Korea Univ, Grad Sch Informat Secur, Seoul 136713, South Korea.;

    SUNY Buffalo, Dept Comp Sci & Engn, Buffalo, NY 14260 USA.;

    Korea Univ, Grad Sch Informat Secur, Seoul 136713, South Korea.;

    Korea Univ, Grad Sch Informat Secur, Seoul 136713, South Korea.;

  • Original format: PDF
  • Text language: eng
