Helen-Maria Dounavi, Anna Mpanti, Stavros D. Nikolopoulos, Iosif Polenakis
{"title":"基于时间图区域匹配的恶意软件检测与分类","authors":"Helen-Maria Dounavi, Anna Mpanti, Stavros D. Nikolopoulos, Iosif Polenakis","doi":"10.1145/3472410.3472417","DOIUrl":null,"url":null,"abstract":"In this paper we present an integrated graph-based framework that utilizes relations between groups of System-calls, in order to detect whether an unknown software sample is malicious or benign, and to a further extent to classify it to a known malware family. A novel graph-based approach for the representation of software samples over the depiction of the structural evolution over time, the so-called Temporal Graphs, is discussed, and a method for measuring graph similarity among specific Regions of such graphs is proposed, the so-called Regional Matching. The partitioning of the Temporal Graphs that depicts their structural evolution over time is defined by specific time-slots, while the quantitative characteristics that depict the commonalities appeared over the weights of the vertices are measured by a similarity metric in order to conduct the malware detection and classification procedures. Finally, we evaluate the detection and classification ability of our proposed graph-based framework performing an experimental study over the achieved results utilizing a set of known malicious samples that are indexed into malware families.","PeriodicalId":115575,"journal":{"name":"Proceedings of the 22nd International Conference on Computer Systems and Technologies","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Detection and Classification of Malicious Software based on Regional Matching of Temporal Graphs\",\"authors\":\"Helen-Maria Dounavi, Anna Mpanti, Stavros D. Nikolopoulos, Iosif Polenakis\",\"doi\":\"10.1145/3472410.3472417\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper we present an integrated graph-based framework that utilizes relations between groups of System-calls, in order to detect whether an unknown software sample is malicious or benign, and to a further extent to classify it to a known malware family. A novel graph-based approach for the representation of software samples over the depiction of the structural evolution over time, the so-called Temporal Graphs, is discussed, and a method for measuring graph similarity among specific Regions of such graphs is proposed, the so-called Regional Matching. The partitioning of the Temporal Graphs that depicts their structural evolution over time is defined by specific time-slots, while the quantitative characteristics that depict the commonalities appeared over the weights of the vertices are measured by a similarity metric in order to conduct the malware detection and classification procedures. Finally, we evaluate the detection and classification ability of our proposed graph-based framework performing an experimental study over the achieved results utilizing a set of known malicious samples that are indexed into malware families.\",\"PeriodicalId\":115575,\"journal\":{\"name\":\"Proceedings of the 22nd International Conference on Computer Systems and Technologies\",\"volume\":\"38 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-06-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 22nd International Conference on Computer Systems and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3472410.3472417\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 22nd International Conference on Computer Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3472410.3472417","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detection and Classification of Malicious Software based on Regional Matching of Temporal Graphs
In this paper we present an integrated graph-based framework that utilizes relations between groups of System-calls, in order to detect whether an unknown software sample is malicious or benign, and to a further extent to classify it to a known malware family. A novel graph-based approach for the representation of software samples over the depiction of the structural evolution over time, the so-called Temporal Graphs, is discussed, and a method for measuring graph similarity among specific Regions of such graphs is proposed, the so-called Regional Matching. The partitioning of the Temporal Graphs that depicts their structural evolution over time is defined by specific time-slots, while the quantitative characteristics that depict the commonalities appeared over the weights of the vertices are measured by a similarity metric in order to conduct the malware detection and classification procedures. Finally, we evaluate the detection and classification ability of our proposed graph-based framework performing an experimental study over the achieved results utilizing a set of known malicious samples that are indexed into malware families.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
