Evaluation on Malware Classification by Session Sequence of Common Protocols
  • Keywords: Malware classification; Traffic analysis; Similarity calculation
  • Journal: Lecture Notes in Computer Science
  • Publication year: 2016
  • Publication date: 2016
  • Year: 2016
  • Volume: 10052
  • Issue: 1
  • Pages: 521-531
  • Full-text size: 311 KB
  • Authors and affiliations: Shohei Hiruta (15)
    Yukiko Yamaguchi (16)
    Hajime Shimada (16)
    Hiroki Takakura (17)
    Takeshi Yagi (18)
    Mitsuaki Akiyama (18)

    15. Graduate School of Information Science, Nagoya University, Nagoya, Aichi, Japan
    16. Information Technology Center, Nagoya University, Nagoya, Aichi, Japan
    17. National Institute of Informatics, Chiyoda-ku, Tokyo, Japan
    18. NTT Secure Platform Laboratories, Musashino, Tokyo, Japan
  • Series: Cryptology and Network Security
  • ISBN: 978-3-319-48965-0
  • Category: Computer Science
  • Subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN: 1611-3349
  • Volume order: 10052
Abstract
Recent malware is becoming more sophisticated year by year. It often uses common protocols such as HTTP to imitate normal communications, so activity in common protocols must be considered when analyzing malware. Meanwhile, the number of malware analysts is insufficient compared to the speed at which new malware is generated. To address this problem, a malware classification method that classifies a huge number of malware samples quickly and accurately is expected. With such a method, malware analysts can dedicate themselves to investigating new types of malware. In this paper, we propose a malware classification method using the Session Sequence of common protocols, which classifies malware as new or existing. Furthermore, if the malware is classified as existing, the proposed method also classifies it into existing malware families. We evaluated our proposed method with the traffic of 502 malware samples. The experimental results show that our method can correctly judge and classify with 84.5 % accuracy.
