A Lightweight Malware Classification Method Based on Detection Results of Anti-Virus Software

Younsu Lee, Sang-So Choi, Jangwon Choi, Jungsuk Song
DOI: 10.1109/AsiaJCIS.2017.20 (https://doi.org/10.1109/AsiaJCIS.2017.20)
Published in: 2017 12th Asia Joint Conference on Information Security (AsiaJCIS), August 2017
Citations: 3

Abstract

With the development of cyber threats on the Internet, the number of malware samples, especially unknown malware, is also increasing dramatically. Since not all malware can be analyzed by analysts, it is very important to identify the new malware that they should analyze. To cope with this issue, existing approaches have focused on malware classification using the results of static or dynamic analysis of the malware. However, static and dynamic analysis are themselves costly, and it is not easy to build isolated, secure, Internet-like analysis environments such as sandboxes. In this paper, we propose a lightweight malware classification method based on the detection results of anti-virus software. Since the proposed method reduces the volume of malware that must be analyzed by analysts, it can be used as a preprocessing step before in-depth malware analysis. Experiments showed that the proposed method classified 1,000 malware samples into 187 unique groups, which means that 81% of the original malware samples do not need to be analyzed by analysts.
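The abstract only states that samples are grouped by anti-virus detection results; it does not give the grouping rule. The block below is an added example, not code from the paper, showing one way such a triage step can be built: each vendor detection name is normalised to a family-level token (platform prefixes, numeric components and short variant suffixes dropped), the tuple of normalised names across engines becomes the sample's key, samples sharing a key form one group, and only one representative per group goes to an analyst. The normalisation rule, the engine names, the detection strings and the sample identifiers are all assumptions constructed for this example. Samples that no engine detects are deliberately never merged, because the absence of a label carries no family information and those are exactly the samples an analyst must look at.

```python
"""Group malware samples by anti-virus detection results.

Added example, not the paper's code. The normalisation rule below is an
assumption about how detection names can be reduced to a family-level
key; the scan results are constructed, not real data.
"""
import re

# Constructed multi-engine scan results: sample id -> {engine: detection name or None}
SCAN_RESULTS = {
    "a1": {"EngineA": "Trojan.GenericKD.12345", "EngineB": "Win32/Emotet.A", "EngineC": None},
    "a2": {"EngineA": "Trojan.GenericKD.99999", "EngineB": "Win32/Emotet.B", "EngineC": None},
    "b1": {"EngineA": "Backdoor.Agent.ab", "EngineB": "Win32/Agent.XYZ", "EngineC": "Backdoor:Win32/Agent"},
    "b2": {"EngineA": "Backdoor.Agent.cd", "EngineB": "Win32/Agent.QQQ", "EngineC": "Backdoor:Win32/Agent"},
    "c1": {"EngineA": None, "EngineB": None, "EngineC": None},
    "c2": {"EngineA": "Trojan.GenericKD.12345", "EngineB": None, "EngineC": None},
}

# Platform markers carry no family information (assumed list).
PLATFORM_TOKENS = {"win32", "win64", "w32", "w64", "msil", "android", "linux", "macos", "osx"}


def normalise(name):
    """Reduce a vendor detection name to a family-level token, or None if undetected.

    Assumed rule: lowercase; split on the separators vendors use; drop platform
    markers and purely numeric components; drop a trailing component of three or
    fewer characters, which vendors use as the variant letter(s).
    """
    if name is None:
        return None
    parts = [p for p in re.split(r"[./:\-_ ]+", name.lower()) if p]
    parts = [p for p in parts if p not in PLATFORM_TOKENS and not p.isdigit()]
    if len(parts) > 1 and len(parts[-1]) <= 3:
        parts = parts[:-1]
    return "/".join(parts) if parts else None


def detection_key(result, engines):
    """Tuple of normalised names in a fixed engine order; this is the grouping key."""
    return tuple(normalise(result.get(engine)) for engine in engines)


def group_samples(scan_results):
    """Map each grouping key to the sorted list of sample ids that share it.

    A sample with no detection from any engine gets a key unique to itself, so
    undetected samples are never merged into one group.
    """
    engines = sorted({e for result in scan_results.values() for e in result})
    groups = {}
    for sample_id in sorted(scan_results):
        key = detection_key(scan_results[sample_id], engines)
        if all(v is None for v in key):
            key = ("undetected", sample_id)
        groups.setdefault(key, []).append(sample_id)
    return groups


def triage(scan_results):
    """Return (representative ids to analyse, fraction of samples that need no analysis)."""
    groups = group_samples(scan_results)
    representatives = [members[0] for members in groups.values()]
    reduction = 1.0 - len(groups) / len(scan_results)
    return representatives, reduction


if __name__ == "__main__":
    for key, members in group_samples(SCAN_RESULTS).items():
        print(key, "->", members)
    reps, reduction = triage(SCAN_RESULTS)
    print("analyse:", reps, "reduction: %.1f%%" % (100 * reduction))
```

On the constructed data the six samples collapse to four groups (a1/a2 and b1/b2 merge; c1 is undetected and stays alone; c2 has only a single generic label and stays alone), so a third of the samples need no manual analysis; the paper reports 1,000 samples collapsing to 187 groups on its own data. Two caveats a practitioner would add before using such a key in production: a group whose only labels are generic or heuristic names (here "trojan/generickd") says little about family, so its representative deserves the same attention as an undetected sample; and the normalisation rule must be re-checked whenever a vendor changes its naming scheme, or unrelated families will silently merge.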