考虑PE截面信息的集成恶意软件分类器

IF 0.4 4区 计算机科学 Q4 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences Pub Date : 2023-01-01 DOI:10.1587/transfun.2023cip0024
Ren TAKEUCHI, Rikima MITSUHASHI, Masakatsu NISHIGAKI, Tetsushi OHKI
{"title":"考虑PE截面信息的集成恶意软件分类器","authors":"Ren TAKEUCHI, Rikima MITSUHASHI, Masakatsu NISHIGAKI, Tetsushi OHKI","doi":"10.1587/transfun.2023cip0024","DOIUrl":null,"url":null,"abstract":"The war between cyber attackers and security analysts is gradually intensifying. Owing to the ease of obtaining and creating support tools, recent malware continues to diversify into variants and new species. This increases the burden on security analysts and hinders quick analysis. Identifying malware families is crucial for efficiently analyzing diversified malware; thus, numerous low-cost, general-purpose, deep-learning-based classification techniques have been proposed in recent years. Among these methods, malware images that represent binary features as images are often used. However, no models or architectures specific to malware classification have been proposed in previous studies. Herein, we conduct a detailed analysis of the behavior and structure of malware and focus on PE sections that capture the unique characteristics of malware. First, we validate the features of each PE section that can distinguish malware families. Then, we identify PE sections that contain adequate features to classify families. Further, we propose an ensemble learning-based classification method that combines features of highly discriminative PE sections to improve classification accuracy. The validation of two datasets confirms that the proposed method improves accuracy over the baseline, thereby emphasizing its importance.","PeriodicalId":55003,"journal":{"name":"Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences","volume":null,"pages":null},"PeriodicalIF":0.4000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Ensemble Malware Classifier considering PE Section Information\",\"authors\":\"Ren TAKEUCHI, Rikima MITSUHASHI, Masakatsu NISHIGAKI, Tetsushi OHKI\",\"doi\":\"10.1587/transfun.2023cip0024\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The war between cyber attackers and security analysts is gradually intensifying. Owing to the ease of obtaining and creating support tools, recent malware continues to diversify into variants and new species. This increases the burden on security analysts and hinders quick analysis. Identifying malware families is crucial for efficiently analyzing diversified malware; thus, numerous low-cost, general-purpose, deep-learning-based classification techniques have been proposed in recent years. Among these methods, malware images that represent binary features as images are often used. However, no models or architectures specific to malware classification have been proposed in previous studies. Herein, we conduct a detailed analysis of the behavior and structure of malware and focus on PE sections that capture the unique characteristics of malware. First, we validate the features of each PE section that can distinguish malware families. Then, we identify PE sections that contain adequate features to classify families. Further, we propose an ensemble learning-based classification method that combines features of highly discriminative PE sections to improve classification accuracy. The validation of two datasets confirms that the proposed method improves accuracy over the baseline, thereby emphasizing its importance.\",\"PeriodicalId\":55003,\"journal\":{\"name\":\"Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.4000,\"publicationDate\":\"2023-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1587/transfun.2023cip0024\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1587/transfun.2023cip0024","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

摘要

网络攻击者和安全分析师之间的战争正在逐渐加剧。由于易于获取和创建支持工具,最近的恶意软件继续向变体和新物种多样化。这增加了安全分析人员的负担,阻碍了快速分析。识别恶意软件家族是有效分析各种恶意软件的关键;因此,近年来提出了许多低成本、通用、基于深度学习的分类技术。在这些方法中,经常使用将二进制特征表示为图像的恶意软件映像。然而,在以往的研究中,并没有提出针对恶意软件分类的模型或架构。在这里,我们对恶意软件的行为和结构进行了详细的分析,并专注于捕获恶意软件独特特征的PE部分。首先,我们验证了每个PE部分可以区分恶意软件家族的特征。然后,我们确定PE部分包含足够的特征来分类家庭。此外,我们提出了一种基于集成学习的分类方法,该方法结合了高判别性PE截面的特征来提高分类精度。两个数据集的验证证实了所提出的方法比基线提高了精度,从而强调了它的重要性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Ensemble Malware Classifier considering PE Section Information
The war between cyber attackers and security analysts is gradually intensifying. Owing to the ease of obtaining and creating support tools, recent malware continues to diversify into variants and new species. This increases the burden on security analysts and hinders quick analysis. Identifying malware families is crucial for efficiently analyzing diversified malware; thus, numerous low-cost, general-purpose, deep-learning-based classification techniques have been proposed in recent years. Among these methods, malware images that represent binary features as images are often used. However, no models or architectures specific to malware classification have been proposed in previous studies. Herein, we conduct a detailed analysis of the behavior and structure of malware and focus on PE sections that capture the unique characteristics of malware. First, we validate the features of each PE section that can distinguish malware families. Then, we identify PE sections that contain adequate features to classify families. Further, we propose an ensemble learning-based classification method that combines features of highly discriminative PE sections to improve classification accuracy. The validation of two datasets confirms that the proposed method improves accuracy over the baseline, thereby emphasizing its importance.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
1.10
自引率
20.00%
发文量
137
审稿时长
3.9 months
期刊介绍: Includes reports on research, developments, and examinations performed by the Society''s members for the specific fields shown in the category list such as detailed below, the contents of which may advance the development of science and industry: (1) Reports on new theories, experiments with new contents, or extensions of and supplements to conventional theories and experiments. (2) Reports on development of measurement technology and various applied technologies. (3) Reports on the planning, design, manufacture, testing, or operation of facilities, machinery, parts, materials, etc. (4) Presentation of new methods, suggestion of new angles, ideas, systematization, software, or any new facts regarding the above.
期刊最新文献
Post-Quantum Anonymous One-Sided Authenticated Key Exchange without Random Oracles Detection of False Data Injection Attacks in Distributed State Estimation of Power Networks An Accuracy Reconfigurable Vector Accelerator based on Approximate Logarithmic Multipliers for Energy-Efficient Computing Solving the Problem of Blockwise Isomorphism of Polynomials with Circulant Matrices Short DL-based Blacklistable Ring Signatures from DualRing
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1