Byte Visualization Method for Malware Classification
Authors: Zhuojun Ren, Guang Chen, Wenke Lu
Published in: Proceedings of the 2020 5th International Conference on Machine Learning Technologies
Publication date: 2020-06-19
DOI: 10.1145/3409073.3409093 (https://doi.org/10.1145/3409073.3409093)
The exponential increase in the number of malware stems from the fact that attackers often create malware variants with automated tools. And automated tools generally tend to reuse similar function modules. It is essential, therefore, that security analysts distinguish malware families by recognizing similar modules. For this reason, we present a new visualization method for malware pedigree analysis, using visual similarities in the byte distributions of malware to implement classification. The method converts malware samples into dot plot patterns, and then searches for k-nearest neighbors of every tested sample with the Jaccard distance to determine its family. To evaluate the classification performance of the proposed method, we randomly collected 771 harmful binary files from 72 malware families on the VX Heavens website. With the value of k varying between 1 and 9, our method had the best accuracy of 92.48% when k = 1. The experimental results show that the proposed method can distinguish malware families effectively.