{"title":"一种应用于移动网络的恶意软件签名提取与检测方法","authors":"Guoning Hu, D. Venugopal","doi":"10.1109/PCCC.2007.358875","DOIUrl":null,"url":null,"abstract":"The rapid development of mobile phone networks has facilitated the need for better protection against malware. Malware detection is a core component of a security system protecting mobile networks. In this paper, we describe a system for detecting malware within the network traffic using malware signatures. Our system contains two key components. The first one automatically extracts a set of signatures from existing malware samples. In particular, we reduce the number of signatures by using a common signature for a malware and its variants. In addition, we minimize the total false alarm rate of malware detection by extracting signatures that are most uncommon within mobile network traffic. The second one is an efficient method that scans the network traffic using a hash table and sub-signature matching. Our evaluation on Symbian viruses show that our system detects existing malware and their new variants within the network traffic efficiently.","PeriodicalId":356565,"journal":{"name":"2007 IEEE International Performance, Computing, and Communications Conference","volume":"4 9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":"{\"title\":\"A Malware Signature Extraction and Detection Method Applied to Mobile Networks\",\"authors\":\"Guoning Hu, D. Venugopal\",\"doi\":\"10.1109/PCCC.2007.358875\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The rapid development of mobile phone networks has facilitated the need for better protection against malware. Malware detection is a core component of a security system protecting mobile networks. In this paper, we describe a system for detecting malware within the network traffic using malware signatures. Our system contains two key components. The first one automatically extracts a set of signatures from existing malware samples. In particular, we reduce the number of signatures by using a common signature for a malware and its variants. In addition, we minimize the total false alarm rate of malware detection by extracting signatures that are most uncommon within mobile network traffic. The second one is an efficient method that scans the network traffic using a hash table and sub-signature matching. Our evaluation on Symbian viruses show that our system detects existing malware and their new variants within the network traffic efficiently.\",\"PeriodicalId\":356565,\"journal\":{\"name\":\"2007 IEEE International Performance, Computing, and Communications Conference\",\"volume\":\"4 9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-04-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"23\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2007 IEEE International Performance, Computing, and Communications Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PCCC.2007.358875\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 IEEE International Performance, Computing, and Communications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PCCC.2007.358875","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Malware Signature Extraction and Detection Method Applied to Mobile Networks
The rapid development of mobile phone networks has facilitated the need for better protection against malware. Malware detection is a core component of a security system protecting mobile networks. In this paper, we describe a system for detecting malware within the network traffic using malware signatures. Our system contains two key components. The first one automatically extracts a set of signatures from existing malware samples. In particular, we reduce the number of signatures by using a common signature for a malware and its variants. In addition, we minimize the total false alarm rate of malware detection by extracting signatures that are most uncommon within mobile network traffic. The second one is an efficient method that scans the network traffic using a hash table and sub-signature matching. Our evaluation on Symbian viruses show that our system detects existing malware and their new variants within the network traffic efficiently.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
