An Approach to Selecting an Informative Feature in Software Identification

  • Kseniya SalakhutdinovaEmail author
  • Irina Krivtsova
  • Ilya Lebedev
  • Mikhail Sukhoparov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11118)


Statement of Research. A need to reduce the increasing number of system vulnerabilities caused by unauthorized software installed on computer aids necessitates development of an approach to automate the data-storage media audit. The article describes an approach to identification of informative assembly instructions. Also, the influence of a chosen feature that is used to create a unified program signature on identification result is shown. Methods. Shannon method allowing a determination of feature informativeness for a random number of object classes and not depending on the sample volume of observed features is used to calculate informativeness. Identification of elf-files was based on applying statistical chi-squared test of homogeneity. Main Findings. Quantitative characteristics of informativeness for 118 assembly instructions have been obtained. The analysis of experimental results for executable files identification with 10 different features used to create program signatures compared by means of the chi-squared test of homogeneity at significance levels p = 0.05 and p = 0.01 has been carried out. Practical Relevance. The importance of using a particular feature in program signature creation has been discovered, as well as the capability of considering several executable file signatures together to provide a summative assessment on their belonging to a certain program.


Identification of executable files Elf-files Informativeness of a feature Chi-square test Information security 


  1. 1.
    Suleymanova, S.S., Nazarova, E.A.: Information Wars: History and Modernity: A Textbook.: International Publishing Center “Ethnosociety”, Moscow (2017)Google Scholar
  2. 2.
    Lebedev, I., Korzhuk, V., Krivtsova, I., Salakhutdinova, K., Sukhoparov, M., Tikhonov, D.: Using preventive measures for the purpose of assuring information security of wireless communication channels. In: Proceedings of the 18th Conference of Open Innovations Association FRUCT, pp. 167–173 (2016)Google Scholar
  3. 3.
    Boukhtouta, A., Mouheb, D., Debbabi, M., Alfandi, O., Iqbal, F., El Barachi, M.: Graph-theoretic characterization of cyber-threat infrastructures. Dig. Invest. 14(1), 3–15 (2015)CrossRefGoogle Scholar
  4. 4.
    Alazab, M., Layton, R., Venkataraman, S., Watters, P.: Malware detection based on structural and behavioral features of API calls. In: Proceedings of the International Cyber Resilience Conference (ICR2010), pp. 1–10 (2010)Google Scholar
  5. 5.
    Shahzad, F., Farooq, M.: ELF-Miner: Using structural knowledge and data mining methods to detect new (linux) malicious executables. Knowl. Inf. Syst. 30(3), 589–612 (2011)CrossRefGoogle Scholar
  6. 6.
    Li, P., Liu, L., Gao, D., Reiter, M.K.: On challenges in evaluating malware clustering. In: Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection, pp. 238–255. Ottawa (2010)Google Scholar
  7. 7.
    Komashinsky, D.V., Kotenko, I.V.: Methods of data mining for the detection of malicious software objects: an overview of current research. Issues Inf. Prot. 4(102), 21–33 (2013)Google Scholar
  8. 8.
    Lai, Y., Liu, Z.: Unknown Malicious Identification. In: Ao, S.I., Gelman, L. (eds.) Advances in Electrical Engineering and Computational Science. LNEE, vol. 39, pp. 301–312. Springer, Dordrecht (2009). Scholar
  9. 9.
    Antonov, A.E., Fedulov, A.S.: Identification of the file type based on the structural analysis. Appl. Inf. 2(44), 068–077 (2013)Google Scholar
  10. 10.
    Kazarin, O.V.: Theory and practice of program protection. MGUL Press, Moscow (2004)Google Scholar
  11. 11.
    Krivtsova, I.E., Salakhutdinova, K.I., Kuzmich, P.A.: A method for constructing signatures of executable files for the purpose of identifying them. Bull. Pol. 5(3/5), 97–105 (2015)Google Scholar
  12. 12.
    Druzhinin, N.K., Salakhutdinova, K.I.: Identification of executable file by dint of individual feature. In: Proceedings of the International Conference on Information Security and Protection of Information Technology (ISPIT-2015). St. Petersburg, Russia, pp. 45–47 (2015)Google Scholar
  13. 13.
    Krivtsova, I.E., Salakhutdinova, K.I., Yurin, I.V.: The method of identifying executable files by their signatures. Bulletin of the State University of Marine and River Fleet named after Admiral S.O. Makarov. 1(35), 215–2242016Google Scholar
  14. 14.
    Krivtsova, I.E., Lebedev, I.S., Salakhutdinova, K.I.: Identification of executable files on the basis of statistical criteria. In: Proceedings of the 20th Conference of Open Innovations Association FRUCT, pp. 202–208 (2017)Google Scholar
  15. 15.
    Smirnov, N.V., Dunin-Barkovsky, I.V.: Course of Probability Theory and Mathematical Statistics. SNauka, Moscow (1969)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Kseniya Salakhutdinova
    • 1
    Email author
  • Irina Krivtsova
    • 1
  • Ilya Lebedev
    • 2
  • Mikhail Sukhoparov
    • 3
  1. 1.ITMO UniversitySaint-PetersburgRussia
  2. 2.SPIIRASSt. PetersburgRussia
  3. 3.SPbF AO « NPK « TRISTAN»Saint-PetersburgRussia

Personalised recommendations