{"title":"Exploring network-based malware classification","authors":"Natalia Stakhanova, Mathieu Couture, A. Ghorbani","doi":"10.1109/MALWARE.2011.6112321","DOIUrl":null,"url":null,"abstract":"Over the last years, dynamic and static malware analysis techniques have made significant progress. The majority of existing analysis systems focus primarily on internal host activity. Despite the importance of network activity, only a limited set of analysis tools have recently started taking it into account. In this work, we study the value of network activity for malware classification by various antivirus products. Specifically, we ask the following question: how well can we classify malware according to its network activity? We monitor the execution of a malware sample in a controlled environment and summarize the obtained high-level network information in a graph. We then analyze graph similarity to determine whether such a high-level behavioral profile is sufficient to provide accurate classification of malware samples. The experimental study on a real-world malware collection demonstrates that our approach is able to group malware samples that behave similarly.","PeriodicalId":375300,"journal":{"name":"2011 6th International Conference on Malicious and Unwanted Software","volume":"117 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 6th International Conference on Malicious and Unwanted Software","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MALWARE.2011.6112321","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
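The abstract describes a pipeline of three steps: run each sample in a sandbox, summarize its network activity as a graph, and group samples by graph similarity. The following is an added example (not the authors' code, and not the paper's graph definition or similarity metric, neither of which is given on this page) that shows one concrete way to do this. The event tuples are constructed stand-ins for sandbox traffic summaries; the graph schema (sample -> protocol/port service -> destination kind, plus the observed order of services), Jaccard similarity over edge sets, and the 0.5 grouping threshold are all assumptions chosen for illustration.

```python
"""Added example: network-behaviour graphs and similarity-based grouping.

Not the paper's code. Graph schema, similarity metric, threshold and
sample traffic are assumptions / constructed data for illustration."""
from itertools import combinations

# Constructed traffic summaries, one per sandboxed sample (not real captures).
# Each event is (protocol, destination, port); hostnames and IPs are placeholders.
SAMPLES = {
    "sample_a": [
        ("dns", "update.example-c2.test", 53),
        ("tcp", "update.example-c2.test", 80),
        ("tcp", "203.0.113.10", 8080),
        ("tcp", "198.51.100.5", 25),
    ],
    "sample_b": [  # same family as sample_a, different C2 IP, no SMTP
        ("dns", "update.example-c2.test", 53),
        ("tcp", "update.example-c2.test", 80),
        ("tcp", "203.0.113.11", 8080),
    ],
    "sample_c": [  # unrelated behaviour: DNS then NTP
        ("dns", "time.example.test", 53),
        ("udp", "203.0.113.50", 123),
    ],
    "sample_d": [  # like sample_c but other names/IPs and a repeated NTP query
        ("dns", "ntp.example.test", 53),
        ("udp", "203.0.113.77", 123),
        ("udp", "203.0.113.78", 123),
    ],
}


def dest_kind(dest):
    """Abstract a destination to its kind. Exact IPs and names are dropped so
    that variants contacting different C2 addresses still produce the same graph."""
    return "ipv4" if all(part.isdigit() for part in dest.split(".")) else "domain"


def build_graph(events):
    """Summarize a sample's events as a directed graph, represented as a set
    of edges. Nodes: the sample, protocol/port services, destination kinds.
    Edges: sample->service, service->destination kind, and the order in
    which services were used (self-loops from repeated services are skipped)."""
    edges = set()
    prev = None
    for proto, dest, port in events:
        svc = f"{proto}/{port}"
        edges.add(("sample", svc))
        edges.add((svc, dest_kind(dest)))
        if prev is not None and prev != svc:
            edges.add((prev, svc))
        prev = svc
    return edges


def jaccard(g1, g2):
    """Similarity of two graphs as Jaccard index over their edge sets."""
    if not g1 and not g2:
        return 1.0
    return len(g1 & g2) / len(g1 | g2)


def cluster(graphs, threshold):
    """Single-linkage grouping with union-find: two samples end up in the same
    group when a chain of pairwise similarities >= threshold connects them."""
    parent = {name: name for name in graphs}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(graphs, 2):
        if jaccard(graphs[a], graphs[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for name in graphs:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


GRAPHS = {name: build_graph(events) for name, events in SAMPLES.items()}

if __name__ == "__main__":
    for a, b in combinations(GRAPHS, 2):
        print(f"{a} vs {b}: {jaccard(GRAPHS[a], GRAPHS[b]):.2f}")
    print(cluster(GRAPHS, threshold=0.5))
```

Because destinations are abstracted to their kind, sample_c and sample_d yield identical graphs even though they contact different hosts, while sample_a and sample_b share 8 of 11 edges; with the assumed 0.5 threshold the samples fall into the groups {a, b} and {c, d}. The threshold and the level of abstraction are the knobs a practitioner would tune against labelled data; too much abstraction merges unrelated families, too little splits variants of one family.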