2019, Volume 20, Issue 6
Frontiers of Information Technology & Electronic Engineering >> 2019, Volume 20, Issue 6 doi: 10.1631/FITEE.1800523
Malware homology identification based on a gene perspective
Next Previous
Abstract
Malware homology identification is important in attacking event tracing, emergency response scheme generation, and event trend prediction. Current malware homology identification methods still rely on manual analysis, which is inefficient and cannot respond quickly to the outbreak of attack events. In response to these problems, we propose a new malware homology identification method from a gene perspective. A malware gene is represented by the subgraph, which can describe the homology of malware families. We extract the key subgraph from the function dependency graph as the malware gene by selecting the key application programming interface (API) and using the community partition algorithm. Then, we encode the gene and design a frequent subgraph mining algorithm to find the common genes between malware families. Finally, we use the family genes to guide the identification of malware based on homology. We evaluate our method with a public dataset, and the experiment results show that the accuracy of malware classification reaches 97% with high efficiency.
Keywords
Malware classification ; Gene perspective ; Dependency graph ; Homology analysis
京公网安备 11010502051620号
