
Homology analysis of malware based on graph structure (基于图结构的恶意代码同源性分析)

Cited by: 9
Abstract: Malware detection and homology analysis have long been research hotspots in the field of malware analysis. The API call graph extracted from malware effectively represents its behavioral information, but because algorithms for the subgraph isomorphism problem have high complexity, malware analysis based on graph-structured features is inefficient. To address this, a method is proposed that processes malware API call graphs with a convolutional neural network. Key nodes are selected, and receptive fields are constructed from the neighborhoods of those key nodes, converting the graph-structured data into a form that a convolutional neural network can process. Training and testing on malware samples from 8 families show that the accuracy of malware homology analysis reaches 93%, and the accuracy of malware detection reaches 96%.
Source: Journal on Communications (《通信学报》), indexed in EI and CSCD, Peking University core journal list; 2017, Supplement 2 (S2), pp. 86-93 (8 pages).
Keywords: malware; homology analysis; API call graph; convolutional neural network