Malware Detection and Classification Based on Parallel Sequence Comparison
Authors: Hao Ding, Wenjie Sun, Yihang Chen, Bing-lin Zhao, Hairen Gui
Published in: 2018 5th International Conference on Systems and Informatics (ICSAI)
Publication date: 2018-11-01
DOI: 10.1109/ICSAI.2018.8599509 (https://doi.org/10.1109/ICSAI.2018.8599509)
Citation count: 1
Platform: Semanticscholar
Traditional signature-based malware detection is restricted by the update frequency of the feature dataset, so it cannot identify new malware samples quickly. Malware of the same type or the same family usually exhibits similar behavior. Therefore, detection that compares the similarity between samples' sequences, represented by their function call sequences, is less affected by the update frequency of the feature dataset. However, when a large number of malicious code samples must be examined, the size of the sequences extracted from the samples increases exponentially, and real-time detection of malware cannot be guaranteed. To ensure real-time malicious code detection, this paper proposes a malicious code sequence comparison model based on a parallel method. It includes two levels of parallelism, representing parallelism of different granularity, which effectively improves the efficiency of malicious code detection and recognition. The evaluation shows that our method is highly effective and efficient on large-scale data sets.