Abstract |
---|
Nowadays, the dramatic increase in malware poses severe challenges to computer security. Most emerging instances are variants of previously encountered malware, produced through polymorphism and metamorphism techniques. Traditional signature-based detection methods are ineffective at recognizing the enormous number of variants. Malware similarity analysis has become the mainstream technique for identifying variants. However, most existing methods either struggle to handle polymorphic and metamorphic samples because they rely on static structural features, or are time-consuming and resource-intensive because they use dynamic behavior features. In this paper, we propose a novel malware similarity analysis method based on a fine-grained hybrid feature that exploits the complementary nature of static and dynamic analysis. We integrate dynamic runtime behavior with the static function-call graph. The hybrid feature overcomes the limitations of using static and dynamic features separately and is more accurate. Furthermore, we use graph edit distance, an inexact graph matching algorithm, as the metric to measure the distance between malicious instances. We have evaluated our algorithm on a real-world dataset and compared it with another approach. The experiments demonstrate that our method achieves higher accuracy. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1007/978-981-10-3023-9_9 | ADVANCES IN COMPUTER SCIENCE AND UBIQUITOUS COMPUTING |
Keywords | DocType | Volume |
---|---|---|
Similarity analysis, Function-call graph, Hybrid feature, Graph edit distance | Conference | 421 |
ISSN | Citations | PageRank |
---|---|---|
1876-1100 | 0 | 0.34 |
References | Authors |
---|---|
3 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Jing Liu | 1 | 0 | 0.34 |
Yongjun Wang | 2 | 27 | 9.19 |
Peidai Xie | 3 | 11 | 4.97 |
Xingkong Ma | 4 | 74 | 12.84 |