| Presentation | 2015-03-04 Evaluation on Malware Classification by Combining Traffic Analysis and Fuzzy Hashing of Malware Binary Shohei HIRUTA, Yukiko YAMAGUCHI, Hajime SHIMADA, Hiroki TAKAKURA, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Recent cyber attacks frequently use variants of malware programs where existing functions are drastically improved and new functions are developed. In addition to obfuscation and encryption, many malware programs change their behavior by examining their execution environment. They cannot be classified to appropriate families only by static analysis. Efficient methods are required in order to fight against huge amounts of malware programs with reducing expensive cost of manual analysis. In this paper, we propose unified approach of dynamic traffic analysis and static program analysis. Similar to other conventional methods, the former performs feature extraction, clustering and labeling to represent traffic data as sequence of characters. Then Fuzzy Hash adjusts the length of the sequence for similarity calculation. The latter applies Fuzzy Hash to malware programs. From the experimental results by using 340 malware samples and their traffic data, our method can correctly identify 58.4% of malware. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Malware classification / Static analysis / Dynamic analysis / Similarity Measure |
| Paper # | ICSS2014-96 |
| Date of Issue |
| Conference Information | |
| Committee | ICSS |
|---|---|
| Conference Date | 2015/2/24(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information and Communication System Security (ICSS) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Evaluation on Malware Classification by Combining Traffic Analysis and Fuzzy Hashing of Malware Binary |
| Sub Title (in English) | |
| Keyword(1) | Malware classification |
| Keyword(2) | Static analysis |
| Keyword(3) | Dynamic analysis |
| Keyword(4) | Similarity Measure |
| 1st Author's Name | Shohei HIRUTA |
| 1st Author's Affiliation | Department of Electrical and Electronic Engineering and Information Engineering School of Engineering, Nagoya University() |
| 2nd Author's Name | Yukiko YAMAGUCHI |
| 2nd Author's Affiliation | Information Technology Center, Nagoya University |
| 3rd Author's Name | Hajime SHIMADA |
| 3rd Author's Affiliation | Information Technology Center, Nagoya University |
| 4th Author's Name | Hiroki TAKAKURA |
| 4th Author's Affiliation | Information Technology Center, Nagoya University |
| Date | 2015-03-04 |
| Paper # | ICSS2014-96 |
| Volume (vol) | vol.114 |
| Number (no) | 489 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |