A Lightweight Design of Malware Behavior Representation

Yong Qiao, Yuexiang Yang, Lin Ji, Chuan Tang, Jie He
Published in: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (publication date 2013-07-16)
DOI: 10.1109/TrustCom.2013.198 (https://doi.org/10.1109/TrustCom.2013.198)
Citations: 4

Abstract

To encode malware behavior reports into accessible forms for further automatic analysis methods like data mining and machine learning, we proposed a lightweight design of malware behavior representation named BBIS (Bytes-Based Instruction Set), which can use the fewest single-byte characters to represent the items in dynamic behavior reports. BBIS is able to build a flexible mapping table for different application scenarios. Experiments show that BBIS can significantly reduce the computation and storage cost while keeping the performance of clustering compared with existing methods. Moreover, a method called CHRL (Compression of High Repetitions in Logarithmic level) is introduced to compress frequently seen repetitions in unexpected API call sequences. In combination with BBIS, CHRL can further reduce the size of behavior reports significantly and consequently reduce the computation time while keeping or improving the performance of further malware analysis like clustering.