DOI: 10.1145/2103380.2103441
Short paper

Malware classification using instruction frequencies

Published: 02 November 2011

Abstract

Developing variants of existing malware is a common and effective way to evade the signature-based detection of antivirus programs. Malware analysis and signature abstraction are essential technologies for keeping the detection signature database up to date. Because most malware binary analysis is still performed manually, it is a time-consuming job; efficient malware classification can therefore be used to speed it up. As variants of the same malware family may share a portion of their binary code, their instruction sequences may be similar, or even identical. In this paper, we propose a malware classification method that uses instruction frequencies. Our test results show that there are clear distinctions between malware and normal programs.
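As an added illustration of the approach the abstract describes (example code written for this page, not the authors' implementation), the Python below turns disassembly listings into per-mnemonic relative-frequency vectors and assigns an unseen sample to the closest known profile by cosine similarity. The listings, the family names and the 0.8 acceptance threshold are constructed assumptions.

```python
import re
from collections import Counter
from math import sqrt

# Matches "address  mnemonic [operands]" lines as a disassembler listing prints them.
INSN_RE = re.compile(r"^\s*[0-9a-fA-F]+\s+([a-z][a-z0-9]*)")

def instruction_frequencies(listing):
    """Relative frequency of each mnemonic in a disassembly listing (sums to 1)."""
    counts = Counter(m.group(1) for m in map(INSN_RE.match, listing.splitlines()) if m)
    total = sum(counts.values())
    return {op: n / total for op, n in counts.items()} if total else {}

def cosine(a, b):
    """Cosine similarity of two sparse frequency vectors keyed by mnemonic."""
    dot = sum(v * b.get(op, 0.0) for op, v in a.items())
    norm = sqrt(sum(v * v for v in a.values())) * sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def classify(listing, profiles, threshold=0.8):
    """Closest profile by cosine similarity; 'unknown' when no profile is close enough."""
    vec = instruction_frequencies(listing)
    label, score = max(((k, cosine(vec, p)) for k, p in profiles.items()), key=lambda kv: kv[1])
    return (label, score) if score >= threshold else ("unknown", score)

# Constructed listings (assumed, not from the paper): a xor-loop "FamilyA" routine, a benign
# routine, and a FamilyA variant with registers renamed and one instruction substituted.
FAMILY_A = """\
00401000 mov ecx, 0x20
00401005 xor [esi], al
00401007 inc esi
00401008 loop 00401005
0040100a xor eax, eax
0040100c call 00401100"""
NORMAL = """\
00401000 push ebp
00401001 mov ebp, esp
00401003 mov eax, [ebp+8]
00401006 add eax, 1
00401009 call 00401200
0040100e pop ebp"""
VARIANT = """\
00402000 mov ecx, 0x20
00402005 xor [edi], al
00402007 add edi, 1
0040200a loop 00402005
0040200c xor edx, edx
0040200e call 00402100"""
PROFILES = {"FamilyA": instruction_frequencies(FAMILY_A), "Normal": instruction_frequencies(NORMAL)}
```

Because the feature ignores operands and instruction order, the renamed registers in the variant do not affect its distance to FamilyA; only the substituted opcode does, which is what makes the method robust to simple variant generation.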



Published In

RACS '11: Proceedings of the 2011 ACM Symposium on Research in Applied Computation, November 2011, 355 pages.
ISBN: 9781450310871
DOI: 10.1145/2103380

Sponsors

  • SIGAPP: ACM Special Interest Group on Applied Computing
  • ACCT: Association of Convergent Computing Technology
  • CUSST: Center for U-city Security & Surveillance Technology, University of Suwon
  • KIISE: Korean Institute of Information Scientists and Engineers
  • KISTI

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. instruction frequency
  2. malware analysis
  3. malware classification

Qualifiers

  • Short-paper

Conference

RACS '11: Research in Applied Computation Symposium
November 2 - 5, 2011
Miami, Florida

Acceptance Rates

Overall Acceptance Rate 393 of 1,581 submissions, 25%

Cited By

  • (2022) Computer Malware Classification, Factors, and Detection Techniques: A Systematic Literature Review (SLR). International Journal of Innovations in Science and Technology, 4(3), 899-918. DOI: 10.33411/IJIST/2022040320. Online publication date: 29-Aug-2022.
  • (2022) BiRD: Race Detection in Software Binaries under Relaxed Memory Models. ACM Transactions on Software Engineering and Methodology, 31(4), 1-29. DOI: 10.1145/3498538. Online publication date: 31-Jan-2022.
  • (2022) Hardware Immune System for Embedded IoT. IEEE Transactions on Circuits and Systems II: Express Briefs, 69(10), 4118-4122. DOI: 10.1109/TCSII.2022.3187312. Online publication date: Oct-2022.
  • (2022) A comprehensive study of Mozi botnet. International Journal of Intelligent Systems, 37(10), 6877-6908. DOI: 10.1002/int.22866. Online publication date: 8-Mar-2022.
  • (2021) Static Ransomware Analysis Using Machine Learning and Deep Learning Models. Advances in Cyber Security, 450-467. DOI: 10.1007/978-981-33-6835-4_30. Online publication date: 5-Feb-2021.
  • (2021) A Review on Malware Variants Detection Techniques for Threat Intelligence in Resource Constrained Devices: Existing Approaches, Limitations and Future Direction. Advances in Cyber Security, 354-370. DOI: 10.1007/978-981-33-6835-4_24. Online publication date: 5-Feb-2021.
  • (2019) SVM-based Instruction Set Identification for Grid Device Firmware. 2019 IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC), 214-218. DOI: 10.1109/ITAIC.2019.8785564. Online publication date: May-2019.
  • (2019) Instrumenting API Hooking for a Realtime Dynamic Analysis. 2019 International Conference on Cybersecurity (ICoCSec), 49-52. DOI: 10.1109/ICoCSec47621.2019.8971017. Online publication date: Sep-2019.
  • (2019) A New Learning Approach to Malware Classification Using Discriminative Feature Extraction. IEEE Access, 7, 13015-13023. DOI: 10.1109/ACCESS.2019.2892500. Online publication date: 2019.
  • (2019) Analysis and Evaluation of Dynamic Feature-Based Malware Detection Methods. Innovative Security Solutions for Information Technology and Communications, 247-258. DOI: 10.1007/978-3-030-12942-2_19. Online publication date: 6-Feb-2019.
