
1. School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
2. School of Electrical and Information Engineering, Beijing University of Civil Engineering and Architecture, Beijing 100044, China
3. National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), Beijing 100029, China
4. Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
5. School of Computer Science and Informatics, Cardiff University, Cardiff CF24 3AA, UK
Online First: 2018-11
Published: 25 November 2018
Yashu LIU, Zhihai WANG, Hanbing YAN, et al. Method of anti-confusion texture feature descriptor for malware images[J]. Journal on Communications, 2018, 39(11): 44-53. DOI: 10.11959/j.issn.1000-436x.2018227.
Abstract: Combining image processing techniques with machine learning is a new approach in malware visualization research. In this approach, the method used to describe the texture features of malware grayscale images has a large influence on classification accuracy. This paper presents a new texture feature descriptor for malware images: the global feature (GIST) is fused with local features (LBP or dense SIFT) to construct combined descriptors that resist confusion and interference. This addresses the sharp drop in classification accuracy that global features alone suffer when malware grayscale images are highly similar across different families or highly dissimilar within the same family. Extensive experiments show that the new method is more stable and more generally applicable than the traditional method, and that on confusable datasets the classification accuracy is significantly improved.
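The fusion idea from the abstract, as an added example that is not the paper's code: two constructed byte sequences (not real malware) are rendered as grayscale images; a coarse grid-mean descriptor stands in for GIST (assumption: real GIST pools Gabor filter responses per cell), the basic 8-neighbour LBP histogram is the local descriptor, and the two are concatenated. The samples are built so the global descriptors coincide while the LBP histograms do not, which is exactly the confusable case the fused descriptor is meant to separate.

```python
import math
from collections import Counter

# Constructed sample "binaries" (not real malware): same byte values and the same
# per-region mean intensity, but different spatial texture.
WIDTH = 8
SAMPLE_CHECKER = bytes(255 if (y + x) % 2 else 0 for y in range(8) for x in range(8))
SAMPLE_STRIPES = bytes(255 if x % 2 else 0 for y in range(8) for x in range(8))

def bytes_to_image(data, width=WIDTH):
    """Nataraj-style visualization: one byte per 8-bit pixel, fixed row width, last row zero-padded."""
    rows = [list(data[i:i + width]) for i in range(0, len(data), width)]
    if rows and len(rows[-1]) < width:
        rows[-1] += [0] * (width - len(rows[-1]))
    return rows

def global_descriptor(img, grid=2):
    """Coarse global descriptor: mean intensity of each cell of a grid x grid partition, scaled
    to [0,1]. This is a simplified stand-in for GIST (assumption), which pools Gabor energies."""
    h, w = len(img), len(img[0])
    feats = []
    for gy in range(grid):
        for gx in range(grid):
            cell = [img[y][x] for y in range(gy * h // grid, (gy + 1) * h // grid)
                    for x in range(gx * w // grid, (gx + 1) * w // grid)]
            feats.append(sum(cell) / (255.0 * len(cell)) if cell else 0.0)
    return feats

# Clockwise from top-left; the first neighbour becomes the most significant bit.
NEIGHBOURS = [(-1, -1), (-1, 0), (-1, 1), (0, 1), (1, 1), (1, 0), (1, -1), (0, -1)]

def lbp_histogram(img):
    """Local texture descriptor: 8-neighbour LBP code per interior pixel (neighbour >= centre -> 1),
    returned as a 256-bin histogram normalised to sum 1."""
    h, w = len(img), len(img[0])
    counts = Counter()
    for y in range(1, h - 1):
        for x in range(1, w - 1):
            code = 0
            for dy, dx in NEIGHBOURS:
                code = (code << 1) | (1 if img[y + dy][x + dx] >= img[y][x] else 0)
            counts[code] += 1
    total = sum(counts.values()) or 1
    return [counts[b] / total for b in range(256)]

def fused_descriptor(data):
    """Concatenate global and local descriptors; both lie in [0,1], so neither part dominates."""
    img = bytes_to_image(data)
    return global_descriptor(img) + lbp_histogram(img)

def euclidean(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))
```

With the global descriptor alone the two samples are at distance 0 (indistinguishable); the fused descriptor separates them through the LBP bins 170 and 68.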