{"title":"Malware Classification Based on Dynamic Behavior","authors":"George Cabau, Magda Buhu, Ciprian Oprișa","doi":"10.1109/SYNASC.2016.057","DOIUrl":null,"url":null,"abstract":"Automated file analysis is important in malware research for identifying malicious files in large collection of samples. This paper describes an automatic system that can classify a file as infected based on the dynamic behavior of the file observed inside a controlled monitored environment. Based on features revealed at runtime, we train a Support Vector Machine classifier that can be further used to identify malicious files. The paper analyses the classifier performance based on several types of features, from raw runtime information to heuristics generated by expert systems and provides guidelines for the features selection process when dealing with this type of data. We show that by enlarging the features domain, our classifier gains proactivity and is able to detect previously unseen samples, even if they belong to different malware families.","PeriodicalId":268635,"journal":{"name":"2016 18th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"17","resultStr":"{\"title\":\"Malware Classification Based on Dynamic Behavior\",\"authors\":\"George Cabau, Magda Buhu, Ciprian Oprișa\",\"doi\":\"10.1109/SYNASC.2016.057\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Automated file analysis is important in malware research for identifying malicious files in large collection of samples. This paper describes an automatic system that can classify a file as infected based on the dynamic behavior of the file observed inside a controlled monitored environment. Based on features revealed at runtime, we train a Support Vector Machine classifier that can be further used to identify malicious files. The paper analyses the classifier performance based on several types of features, from raw runtime information to heuristics generated by expert systems and provides guidelines for the features selection process when dealing with this type of data. We show that by enlarging the features domain, our classifier gains proactivity and is able to detect previously unseen samples, even if they belong to different malware families.\",\"PeriodicalId\":268635,\"journal\":{\"name\":\"2016 18th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)\",\"volume\":\"46 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"17\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 18th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SYNASC.2016.057\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 18th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SYNASC.2016.057","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":"基于动态行为的恶意软件分类","AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}