基于图拓扑特征的恶意软件同源性分析技术研究

Research on Malware Homology Analysis Technology Based on Graph Topology

为了快速从海量恶意样本中筛选出已知样本的变种,减少分析未知恶意样本的工作量,经过研究,提出一种基于样本函数调用图(FCG)的拓扑特征对恶意样本进行家族同源性分类的方法。首先构建出每个样本的函数调用关系图,接着基于网络科学理论计算出每个样本函数调用图的拓扑特征,最后将筛选出的拓扑特征和相应样本的外部函数名称信息作为分类依据,采用机器学习算法对数据集进行训练和分类。

In order to quickly screen out the variants from massive malicious samples and reduce the workload of analyzing unknow samples,after study,presents an approach based on function call graph(FCG)to determine the family of malicious samples.First statically analyzes the FCG for each sample.Then,based on the network science theory,calculates the topological features.Next combined topological features which are selected with external function name of corresponding sample as classification basis.Finally,training and classifying the data sets use machine learning methods.