Radu S. Pirscoveanu, Matija Stevanovic, J. Pedersen
2016 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA). Published 2016-06-13. DOI: 10.1109/CyberSA.2016.7503289 (https://doi.org/10.1109/CyberSA.2016.7503289)
Clustering analysis of malware behavior using Self Organizing Map
For the time being, malware behavioral classification is performed by means of Anti-Virus (AV) generated labels. The paper investigates the inconsistencies associated with current practices by evaluating the identified differences between current vendors. In this paper we rely on Self Organizing Map, an unsupervised machine learning algorithm, for generating clusters that capture the similarities between malware behavior. A data set of approximately 270,000 samples was used to generate the behavioral profile of malicious types in order to compare the outcome of the proposed clustering approach with the labels collected from 57 Antivirus vendors using VirusTotal. Upon evaluating the results, the paper concludes on shortcomings of relying on AV vendors for labeling malware samples. In order to solve the problem, a cluster-based classification is proposed, which should provide more accurate results based on the clusters created by competitive and cooperative algorithms like Self Organizing Map that better describe the behavioral profile of malware.