| Presentation | 2012-06-22 A High-Speed Classification Method based on Opcode of Malware Yang ZHONG, Hirofumi YAMAKI, Yukiko YAMAGUCHI, Hiroki TAKAKURA, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Malicious software in form of Internet worms, computer viruses, and trojan horses poses a major threat to the security of network systems. Identification of malware variants provides great benefit in early detection. However, in recent years, it is hard to analyze the all malware programs by manual because of the explanation of malicious program variants which avoid the detection of anti-virus by changing a part of the original malware program code. Taking into account that variants of malware families share similar functions reflecting its origin and purpose, we propose a method focusing on opcodes of functions that a malware program consists of. In our method, the feature database is created based on the analysis of known malware programs, and functions in unknown programs are compared to the opcodes of the database to determine the program belong to what family. To decrease the cost of the calculation of similarity, we use a filtering algorithm to filter out functions which have small influence in determining the family. We evaluated the approach using 46 categorized malware samples and 178 malware samples to be classified. In the experiment, it is shown that our approach effectively reduce the time for calculation while the accuracy is not deteriorated too much. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | malware / static analysis / disassembly / function estimate |
| Paper # | IA2012-8,ICSS2012-8 |
| Date of Issue |
| Conference Information | |
| Committee | ICSS |
|---|---|
| Conference Date | 2012/6/14(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information and Communication System Security (ICSS) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A High-Speed Classification Method based on Opcode of Malware |
| Sub Title (in English) | |
| Keyword(1) | malware |
| Keyword(2) | static analysis |
| Keyword(3) | disassembly |
| Keyword(4) | function estimate |
| 1st Author's Name | Yang ZHONG |
| 1st Author's Affiliation | Graduate School of Information Science, Nagoya University() |
| 2nd Author's Name | Hirofumi YAMAKI |
| 2nd Author's Affiliation | Information Technology Center, Nagoya University |
| 3rd Author's Name | Yukiko YAMAGUCHI |
| 3rd Author's Affiliation | Information Technology Center, Nagoya University |
| 4th Author's Name | Hiroki TAKAKURA |
| 4th Author's Affiliation | Information Technology Center, Nagoya University |
| Date | 2012-06-22 |
| Paper # | IA2012-8,ICSS2012-8 |
| Volume (vol) | vol.112 |
| Number (no) | 91 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |