通过抽象语法树和 L-moments 进行恶意软件分类

IF 4.8 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2024-09-06 DOI:10.1016/j.cose.2024.104082
Anthony J. Rose, Christine M. Schubert Kabban, Scott R. Graham, Wayne C. Henry, Christopher M. Rondeau
{"title":"通过抽象语法树和 L-moments 进行恶意软件分类","authors":"Anthony J. Rose,&nbsp;Christine M. Schubert Kabban,&nbsp;Scott R. Graham,&nbsp;Wayne C. Henry,&nbsp;Christopher M. Rondeau","doi":"10.1016/j.cose.2024.104082","DOIUrl":null,"url":null,"abstract":"<div><p>The ongoing evolution of malware presents a formidable challenge to cybersecurity: identifying unknown threats. Traditional detection methods, such as signatures and various forms of static analysis, inherently lag behind these evolving threats. This research introduces a novel approach to malware detection by leveraging the robust statistical capabilities of L-moments and the structural insights provided by Abstract Syntax Trees (ASTs) and applying them to PowerShell. L-moments, recognized for their resilience to outliers and adaptability to diverse distributional shapes, are extracted from network analysis measures like degree centrality, betweenness centrality, and closeness centrality of ASTs. These measures provide a detailed structural representation of code, enabling a deeper understanding of its inherent behaviors and patterns. This approach aims to detect not only known malware but also uncover new, previously unidentified threats. A comprehensive comparison with traditional static analysis methods shows that this approach excels in key performance metrics such as accuracy, precision, recall, and <span><math><msub><mrow><mi>F</mi></mrow><mrow><mn>1</mn></mrow></msub></math></span> score. These results demonstrate the significant potential of combining L-moments derived from network analysis with ASTs in enhancing malware detection. While static analysis remains an essential tool in cybersecurity, the integration of L-moments and advanced network analysis offers a more effective and efficient response to the dynamic landscape of cyber threats. This study paves the way for future research, particularly in extending the use of L-moments and network analysis into additional areas.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104082"},"PeriodicalIF":4.8000,"publicationDate":"2024-09-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167404824003870/pdfft?md5=255011e2faf3909f24dc4575c4f50f4f&pid=1-s2.0-S0167404824003870-main.pdf","citationCount":"0","resultStr":"{\"title\":\"Malware classification through Abstract Syntax Trees and L-moments\",\"authors\":\"Anthony J. Rose,&nbsp;Christine M. Schubert Kabban,&nbsp;Scott R. Graham,&nbsp;Wayne C. Henry,&nbsp;Christopher M. Rondeau\",\"doi\":\"10.1016/j.cose.2024.104082\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>The ongoing evolution of malware presents a formidable challenge to cybersecurity: identifying unknown threats. Traditional detection methods, such as signatures and various forms of static analysis, inherently lag behind these evolving threats. This research introduces a novel approach to malware detection by leveraging the robust statistical capabilities of L-moments and the structural insights provided by Abstract Syntax Trees (ASTs) and applying them to PowerShell. L-moments, recognized for their resilience to outliers and adaptability to diverse distributional shapes, are extracted from network analysis measures like degree centrality, betweenness centrality, and closeness centrality of ASTs. These measures provide a detailed structural representation of code, enabling a deeper understanding of its inherent behaviors and patterns. This approach aims to detect not only known malware but also uncover new, previously unidentified threats. A comprehensive comparison with traditional static analysis methods shows that this approach excels in key performance metrics such as accuracy, precision, recall, and <span><math><msub><mrow><mi>F</mi></mrow><mrow><mn>1</mn></mrow></msub></math></span> score. These results demonstrate the significant potential of combining L-moments derived from network analysis with ASTs in enhancing malware detection. While static analysis remains an essential tool in cybersecurity, the integration of L-moments and advanced network analysis offers a more effective and efficient response to the dynamic landscape of cyber threats. This study paves the way for future research, particularly in extending the use of L-moments and network analysis into additional areas.</p></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"148 \",\"pages\":\"Article 104082\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-09-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.sciencedirect.com/science/article/pii/S0167404824003870/pdfft?md5=255011e2faf3909f24dc4575c4f50f4f&pid=1-s2.0-S0167404824003870-main.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824003870\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003870","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

恶意软件的不断演变给网络安全带来了严峻的挑战:识别未知威胁。传统的检测方法,如签名和各种形式的静态分析,本质上落后于这些不断演变的威胁。本研究利用 L-moments 的强大统计功能和抽象语法树 (AST) 提供的结构洞察力,并将其应用于 PowerShell,从而为恶意软件检测引入了一种新方法。L-moments 因其对异常值的复原力和对不同分布形状的适应性而得到认可,它是从 AST 的度中心性、间中心性和接近中心性等网络分析指标中提取出来的。这些指标提供了代码的详细结构表示,有助于深入理解代码的内在行为和模式。这种方法不仅能检测已知的恶意软件,还能发现以前未发现的新威胁。与传统静态分析方法的综合比较表明,这种方法在准确率、精确度、召回率和 F1 分数等关键性能指标方面表现出色。这些结果表明,将网络分析得出的 L-moments 与 AST 相结合,在增强恶意软件检测方面具有巨大潜力。虽然静态分析仍然是网络安全的重要工具,但 L-moments 与高级网络分析的整合能更有效、更高效地应对网络威胁的动态变化。这项研究为今后的研究铺平了道路,特别是在将 L-moments 和网络分析的应用扩展到更多领域方面。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Malware classification through Abstract Syntax Trees and L-moments

The ongoing evolution of malware presents a formidable challenge to cybersecurity: identifying unknown threats. Traditional detection methods, such as signatures and various forms of static analysis, inherently lag behind these evolving threats. This research introduces a novel approach to malware detection by leveraging the robust statistical capabilities of L-moments and the structural insights provided by Abstract Syntax Trees (ASTs) and applying them to PowerShell. L-moments, recognized for their resilience to outliers and adaptability to diverse distributional shapes, are extracted from network analysis measures like degree centrality, betweenness centrality, and closeness centrality of ASTs. These measures provide a detailed structural representation of code, enabling a deeper understanding of its inherent behaviors and patterns. This approach aims to detect not only known malware but also uncover new, previously unidentified threats. A comprehensive comparison with traditional static analysis methods shows that this approach excels in key performance metrics such as accuracy, precision, recall, and F1 score. These results demonstrate the significant potential of combining L-moments derived from network analysis with ASTs in enhancing malware detection. While static analysis remains an essential tool in cybersecurity, the integration of L-moments and advanced network analysis offers a more effective and efficient response to the dynamic landscape of cyber threats. This study paves the way for future research, particularly in extending the use of L-moments and network analysis into additional areas.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Computers & Security
Computers & Security 工程技术-计算机:信息系统
CiteScore
12.40
自引率
7.10%
发文量
365
审稿时长
10.7 months
期刊介绍: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
期刊最新文献
Palm vein template protection scheme for resisting similarity attack A reliability anomaly detection method based on enhanced GRU-Autoencoder for Vehicular Fog Computing services A cyber-resilient open architecture for drone control AECR: Automatic attack technique intelligence extraction based on fine-tuned large language model CD-Net: Robust mobile traffic classification against apps updating
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1