{"title":"Malware classification using filesystem footprints","authors":"George Cabau, Magda Buhu, Ciprian Oprișa","doi":"10.1109/AQTR.2016.7501294","PeriodicalId":110627,"journal":{"name":"2016 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR)","volume":"11 1","pages":"0"},"publicationDate":"2016-05-19","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"2","platform":"Semanticscholar","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AQTR.2016.7501294"}
Malware classification using filesystem footprints
Automated analysis is useful in anti-malware research because it helps deal with large collections of samples and reduces the human effort. This paper describes an automated system that performs dynamic analysis by running new samples in a controlled environment and analyzing the operations they perform on the filesystem. These operations are used to train a Support Vector Machine classifier that can proactively detect new malware samples. The experimental evaluation showed that our automated system provides good results in terms of classification quality and in terms of performance. Being able to automatically decide if a file is clean or infected is very important in the antivirus industry, because based on this the file can be automatically blacklisted.