Taegyu Kim, Woomin Hwang, Ki-Woong Park, Kyungoh Park
{"title":"I-Filter:用于加速恶意软件变体分类的相同结构化控制流字符串过滤器","authors":"Taegyu Kim, Woomin Hwang, Ki-Woong Park, Kyungoh Park","doi":"10.1109/ISBAST.2014.7013126","DOIUrl":null,"url":null,"abstract":"As the number of malware variants has grown rapidly, classification speed has become crucial in security issues. While several techniques for malware variant classification have been proposed, they involve a speed-accuracy trade-off. In an attempt to achieve a speedy and accurate malware variant classification, we thoroughly analyze previously proposed methods and identify a critical performance bottleneck in string-to-string matching. This paper presents and evaluates a technique called I-Filter that enhances the performance of the previous approach, approximate matching. I-Filter has the following novel mechanism, the hash-based equivalent procedure matching technique. Our performance evaluation confirms that a performance improvement of on average 1,043 times through I-Filtering.","PeriodicalId":292333,"journal":{"name":"2014 International Symposium on Biometrics and Security Technologies (ISBAST)","volume":"55 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"I-Filter: Identical Structured Control Flow String filter for accelerated malware variant classification\",\"authors\":\"Taegyu Kim, Woomin Hwang, Ki-Woong Park, Kyungoh Park\",\"doi\":\"10.1109/ISBAST.2014.7013126\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As the number of malware variants has grown rapidly, classification speed has become crucial in security issues. While several techniques for malware variant classification have been proposed, they involve a speed-accuracy trade-off. In an attempt to achieve a speedy and accurate malware variant classification, we thoroughly analyze previously proposed methods and identify a critical performance bottleneck in string-to-string matching. This paper presents and evaluates a technique called I-Filter that enhances the performance of the previous approach, approximate matching. I-Filter has the following novel mechanism, the hash-based equivalent procedure matching technique. Our performance evaluation confirms that a performance improvement of on average 1,043 times through I-Filtering.\",\"PeriodicalId\":292333,\"journal\":{\"name\":\"2014 International Symposium on Biometrics and Security Technologies (ISBAST)\",\"volume\":\"55 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 International Symposium on Biometrics and Security Technologies (ISBAST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISBAST.2014.7013126\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 International Symposium on Biometrics and Security Technologies (ISBAST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISBAST.2014.7013126","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
I-Filter: Identical Structured Control Flow String filter for accelerated malware variant classification
As the number of malware variants has grown rapidly, classification speed has become crucial in security issues. While several techniques for malware variant classification have been proposed, they involve a speed-accuracy trade-off. In an attempt to achieve a speedy and accurate malware variant classification, we thoroughly analyze previously proposed methods and identify a critical performance bottleneck in string-to-string matching. This paper presents and evaluates a technique called I-Filter that enhances the performance of the previous approach, approximate matching. I-Filter has the following novel mechanism, the hash-based equivalent procedure matching technique. Our performance evaluation confirms that a performance improvement of on average 1,043 times through I-Filtering.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
