在静态分析中使用N-Gram变量进行恶意软件检测

2022 24th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC) Pub Date : 2022-09-01 DOI:10.1109/SYNASC57785.2022.00037

Marco Radovancovici, Darius Galis, Ciprian-Petrisor Pungila

{"title":"在静态分析中使用N-Gram变量进行恶意软件检测","authors":"Marco Radovancovici, Darius Galis, Ciprian-Petrisor Pungila","doi":"10.1109/SYNASC57785.2022.00037","DOIUrl":null,"url":null,"abstract":"Most of intrusion detection systems nowadays employ signature based analysis that often fails when newer or modified malware versions are brought into play. Intrusion detection systems working with cryptanalysis would offer some advantages against obfuscated code or newly derived viruses based on classic exploits. In this paper, we are applying an index of coincidence approach from cryptanalysis with a N-gram pattern-matching technique on recent binaries, to attempt classification of malicious code. Those characteristics are studied with the use of modern data mining methods, namely K-means, to discover interesting clusters for classification and properties of malicious behavior. The challenges of gathering, working with, learning from and classifying large amounts of virus datasets with different techniques are explored.","PeriodicalId":446065,"journal":{"name":"2022 24th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Using N-Gram Variations in Static Analysis for Malware Detection\",\"authors\":\"Marco Radovancovici, Darius Galis, Ciprian-Petrisor Pungila\",\"doi\":\"10.1109/SYNASC57785.2022.00037\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Most of intrusion detection systems nowadays employ signature based analysis that often fails when newer or modified malware versions are brought into play. Intrusion detection systems working with cryptanalysis would offer some advantages against obfuscated code or newly derived viruses based on classic exploits. In this paper, we are applying an index of coincidence approach from cryptanalysis with a N-gram pattern-matching technique on recent binaries, to attempt classification of malicious code. Those characteristics are studied with the use of modern data mining methods, namely K-means, to discover interesting clusters for classification and properties of malicious behavior. The challenges of gathering, working with, learning from and classifying large amounts of virus datasets with different techniques are explored.\",\"PeriodicalId\":446065,\"journal\":{\"name\":\"2022 24th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)\",\"volume\":\"50 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 24th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SYNASC57785.2022.00037\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 24th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SYNASC57785.2022.00037","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

目前，大多数入侵检测系统采用基于签名的分析，当引入更新或修改的恶意软件版本时，通常会失败。与密码分析一起工作的入侵检测系统将在对抗混淆代码或基于经典漏洞的新衍生病毒方面提供一些优势。在本文中，我们将密码分析中的巧合索引方法与N-gram模式匹配技术应用于最近的二进制文件，以尝试对恶意代码进行分类。使用现代数据挖掘方法(即K-means)对这些特征进行研究，以发现用于分类和恶意行为属性的有趣聚类。探讨了使用不同技术收集、处理、学习和分类大量病毒数据集的挑战。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Using N-Gram Variations in Static Analysis for Malware Detection

Most of intrusion detection systems nowadays employ signature based analysis that often fails when newer or modified malware versions are brought into play. Intrusion detection systems working with cryptanalysis would offer some advantages against obfuscated code or newly derived viruses based on classic exploits. In this paper, we are applying an index of coincidence approach from cryptanalysis with a N-gram pattern-matching technique on recent binaries, to attempt classification of malicious code. Those characteristics are studied with the use of modern data mining methods, namely K-means, to discover interesting clusters for classification and properties of malicious behavior. The challenges of gathering, working with, learning from and classifying large amounts of virus datasets with different techniques are explored.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2022 24th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)

自引率

0.00%

发文量