Jaime C. Acosta, Humberto Mendoza, Brenda G. Medina
Title: An efficient common substrings algorithm for on-the-fly behavior-based malware detection and analysis
Authors: Jaime C. Acosta, Humberto Mendoza, Brenda G. Medina
DOI: 10.1109/MILCOM.2012.6415819 (https://doi.org/10.1109/MILCOM.2012.6415819)
Published in: MILCOM 2012 - 2012 IEEE Military Communications Conference, volume 37 1, pages 1-6
Publication date: 2012-10-01
Citation count: 5
Record source: Semantic Scholar
An efficient common substrings algorithm for on-the-fly behavior-based malware detection and analysis
It is well known that malware (worms, botnets, etc.) thrives on communication systems. Detecting and analyzing malware is a high-latency process, poorly suited to real-time application, which is especially critical for propagating malware. For this reason, recent methods identify similarities among malware dynamic trace logs to extract malicious behavior snippets. These snippets can then be tagged by a human analyst and used to identify malware on the fly. A major problem with these methods is that they require extensive processing resources, especially given the large amount of malware released each year (upwards of 17 million new instances in 2011). In this paper, we present an efficient algorithm for identifying common substrings in the dynamic trace events of malware collections. The algorithm finds common substrings between malware pairs in theoretically linear time by using parallel processing. It is implemented in CUDA, and results show a performance increase of up to 8 times compared to previous implementations.