恶意软件行为表示的轻量级设计

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications Pub Date : 2013-07-16 DOI:10.1109/TrustCom.2013.198

Yong Qiao, Yuexiang Yang, Lin Ji, Chuan Tang, Jie He

{"title":"恶意软件行为表示的轻量级设计","authors":"Yong Qiao, Yuexiang Yang, Lin Ji, Chuan Tang, Jie He","doi":"10.1109/TrustCom.2013.198","DOIUrl":null,"url":null,"abstract":"To encode the malware behavior reports to accessible forms for further automatic analysis methods like data mining and machine, we proposed a lightweight design of malware behavior representation named BBIS (Bytes-Based Instruction Set), which can utilize least single-byte characters to represent the items in dynamic behavior reports. BBIS is able to build flexible mapping table for different application scenarios. Experiments show that BBIS can significantly reduce the computation and storage cost while keeping the performance of clustering compared with existed methods. Moreover, a method called CHRL (Compression of High Repetitions in Logarithmic level) is introduced to compress frequently seen repetitions in unexpected API calls sequences. In combination with BBIS, CHRL can further reduce the size of behavior reports to significantly and consequently reduce the computation time while keeping or improving the performance of further malware analysis like clustering.","PeriodicalId":206739,"journal":{"name":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"A Lightweight Design of Malware Behavior Representation\",\"authors\":\"Yong Qiao, Yuexiang Yang, Lin Ji, Chuan Tang, Jie He\",\"doi\":\"10.1109/TrustCom.2013.198\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To encode the malware behavior reports to accessible forms for further automatic analysis methods like data mining and machine, we proposed a lightweight design of malware behavior representation named BBIS (Bytes-Based Instruction Set), which can utilize least single-byte characters to represent the items in dynamic behavior reports. BBIS is able to build flexible mapping table for different application scenarios. Experiments show that BBIS can significantly reduce the computation and storage cost while keeping the performance of clustering compared with existed methods. Moreover, a method called CHRL (Compression of High Repetitions in Logarithmic level) is introduced to compress frequently seen repetitions in unexpected API calls sequences. In combination with BBIS, CHRL can further reduce the size of behavior reports to significantly and consequently reduce the computation time while keeping or improving the performance of further malware analysis like clustering.\",\"PeriodicalId\":206739,\"journal\":{\"name\":\"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-07-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TrustCom.2013.198\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TrustCom.2013.198","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

为了将恶意软件行为报告编码为可访问的形式，以供数据挖掘和机器等自动分析方法使用，我们提出了一种轻量级的恶意软件行为表示设计，称为BBIS (Bytes-Based Instruction Set)，它可以使用最少的单字节字符来表示动态行为报告中的项目。BBIS能够针对不同的应用场景构建灵活的映射表。实验表明，与现有方法相比，BBIS在保持聚类性能的同时，显著降低了计算量和存储成本。此外，还引入了一种称为CHRL(对数级高重复压缩)的方法来压缩意外API调用序列中经常出现的重复。与BBIS相结合，CHRL可以进一步减少行为报告的大小，从而大大减少计算时间，同时保持或提高进一步恶意软件分析(如聚类)的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Lightweight Design of Malware Behavior Representation

To encode the malware behavior reports to accessible forms for further automatic analysis methods like data mining and machine, we proposed a lightweight design of malware behavior representation named BBIS (Bytes-Based Instruction Set), which can utilize least single-byte characters to represent the items in dynamic behavior reports. BBIS is able to build flexible mapping table for different application scenarios. Experiments show that BBIS can significantly reduce the computation and storage cost while keeping the performance of clustering compared with existed methods. Moreover, a method called CHRL (Compression of High Repetitions in Logarithmic level) is introduced to compress frequently seen repetitions in unexpected API calls sequences. In combination with BBIS, CHRL can further reduce the size of behavior reports to significantly and consequently reduce the computation time while keeping or improving the performance of further malware analysis like clustering.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

自引率

0.00%

发文量