Malware signature generation using locality sensitive hashing

Vinod P.; Conti M.; Parsa S.
2019

Abstract

Security threats due to malicious executables are becoming more serious, and many researchers are interested in combating malware attacks. Malicious users, in contrast, aim to increase their use of polymorphic and metamorphic malware in order to raise the cost of analysis and avoid being identified by anti-malware tools. Because the different polymorphic variants of a malware family are intuitively similar, clustering is an effective approach to this problem, and clustering in turn reduces the number of signatures needed. Therefore, we have leveraged the suffix tree structure and Locality Sensitive Hashing (LSH) to linearly cluster malicious programs and to reduce the number of signatures significantly.
Communications in Computer and Information Science
978-981-13-7560-6
978-981-13-7561-3
Use this identifier to cite or link to this document: https://hdl.handle.net/11577/3340667