An efficient common substrings algorithm for on-the-fly behavior-based malware detection and analysis

MILCOM 2012 - 2012 IEEE Military Communications Conference Pub Date : 2012-10-01 DOI:10.1109/MILCOM.2012.6415819

Jaime C. Acosta, Humberto Mendoza, Brenda G. Medina

{"title":"An efficient common substrings algorithm for on-the-fly behavior-based malware detection and analysis","authors":"Jaime C. Acosta, Humberto Mendoza, Brenda G. Medina","doi":"10.1109/MILCOM.2012.6415819","DOIUrl":null,"url":null,"abstract":"It is well known that malware (worms, botnets, etc...) thrive on communication systems. The process of detecting and analyzing malware is very latent and not well-suited for real-time application, which is critical especially for propagating malware. For this reason, recent methods identify similarities among malware dynamic trace logs to extract malicious behavior snippets. These snippets can then be tagged by a human analyst and be used to identify malware on-the-fly. A major problem with these methods is that they require extensive processing resources. This is especially due to the large amount of malware released each year (upwards of 17 million new instances in 2011). In this paper, we present an efficient algorithm for identifying common substrings in dynamic trace events of malware collections. The algorithm finds common substrings between malware pairs in theoretical linear time by using parallel processing. The algorithm is implemented in the CUDA and results show a performance increase of up to 8 times compared to previous implementations.","PeriodicalId":18720,"journal":{"name":"MILCOM 2012 - 2012 IEEE Military Communications Conference","volume":"37 1","pages":"1-6"},"PeriodicalIF":0.0000,"publicationDate":"2012-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"MILCOM 2012 - 2012 IEEE Military Communications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MILCOM.2012.6415819","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

It is well known that malware (worms, botnets, etc...) thrive on communication systems. The process of detecting and analyzing malware is very latent and not well-suited for real-time application, which is critical especially for propagating malware. For this reason, recent methods identify similarities among malware dynamic trace logs to extract malicious behavior snippets. These snippets can then be tagged by a human analyst and be used to identify malware on-the-fly. A major problem with these methods is that they require extensive processing resources. This is especially due to the large amount of malware released each year (upwards of 17 million new instances in 2011). In this paper, we present an efficient algorithm for identifying common substrings in dynamic trace events of malware collections. The algorithm finds common substrings between malware pairs in theoretical linear time by using parallel processing. The algorithm is implemented in the CUDA and results show a performance increase of up to 8 times compared to previous implementations.

查看原文本刊更多论文

一种高效的基于行为的恶意软件检测和分析的公共子字符串算法

众所周知，恶意软件(蠕虫、僵尸网络等)在通信系统中茁壮成长。检测和分析恶意软件的过程非常隐蔽，不适合实时应用，这对恶意软件的传播至关重要。由于这个原因，最近的方法识别恶意软件动态跟踪日志之间的相似性，以提取恶意行为片段。这些片段可以被人工分析人员标记，并用于识别恶意软件。这些方法的一个主要问题是它们需要大量的处理资源。这主要是由于每年都有大量的恶意软件被发布(2011年有超过1700万个新实例)。本文提出了一种识别恶意软件集合动态跟踪事件中公共子字符串的有效算法。该算法通过并行处理，在理论线性时间内找到恶意软件对之间的公共子串。该算法在CUDA上实现，结果表明与以前的实现相比，性能提高了8倍。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

MILCOM 2012 - 2012 IEEE Military Communications Conference

自引率

0.00%

发文量