Abstract
Many conventional control flow matching methods are effective, but their latency has become prohibitive as the number of malware variants has soared. Although many control flow matching methods have been proposed, a trade-off between accuracy and performance remains. To alleviate this trade-off, we present MalCore, a system comprising three novel mechanisms, each aimed at a practical malware identification system: I-Filter, which matches identical structured control flow strings; table division, which excludes unnecessary comparisons against some malware; and cognitive resource allocation, for efficient parallelism. Our performance evaluation shows a total performance improvement of 280.9 times. This work was undertaken on a real manycore computing platform called MN-MATE.
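The abstract names two of MalCore's mechanisms only at the level of their purpose: an exact-match filter over structured control flow strings that runs ahead of the expensive approximate matching, and a division of the signature table so that most signatures are never compared at all. The following is an added illustration of that two-stage shape and is not MalCore's code, nor the paper's algorithm. It assumes a generic design: structured control flow strings in the nested-letter style of Cesare and Xiang (constructed, made-up signatures and family names), a dictionary lookup as the exact-match stage, a signature table partitioned by string length, and a normalized Levenshtein threshold. The partition pruning rests on a fact that holds for any edit distance, namely that two strings whose lengths differ by more than d cannot be within distance d, so partitions outside the feasible length range are skipped; the thresholds and bucket scheme are assumptions for this example, not MalCore's.

```python
"""Two-stage control flow string matching: exact-match prefilter, then
bounded approximate matching over a length-partitioned signature table.
Illustrative design only (not MalCore's implementation)."""
import math
from collections import defaultdict

# Constructed sample signatures: structured control flow strings in the
# style of Cesare & Xiang (W=while, I=if, R=return, B=break, braces nest).
# Family names and strings are made up for this example.
KNOWN_SIGNATURES = {
    "W{I{R}B}": "FamilyA",
    "I{W{B}}R": "FamilyB",
    "W{W{I{B}}}R": "FamilyC",
}


def edit_distance(a, b, limit):
    """Levenshtein distance between a and b.

    Aborts and returns limit + 1 as soon as every cell of the current DP row
    exceeds limit: the row minimum is a lower bound on the final distance,
    so no later row can bring it back under the limit.
    """
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        if min(cur) > limit:
            return limit + 1
        prev = cur
    return prev[-1]


class FlowStringMatcher:
    """Exact lookup first; otherwise approximate match within a length band."""

    def __init__(self, known, threshold=0.2):
        # Stage 1 (prefilter): identical strings resolve with one hash lookup.
        self.exact = dict(known)
        # Stage 2 (table division): signatures bucketed by length so that a
        # query only touches buckets that can still satisfy the threshold.
        self.by_len = defaultdict(list)
        for sig, family in known.items():
            self.by_len[len(sig)].append((sig, family))
        # Accept a candidate when distance <= threshold * max(len(query), len(sig)).
        self.threshold = threshold

    def classify(self, query):
        """Return (family or None, distance, stage, number of distance computations)."""
        if query in self.exact:
            return self.exact[query], 0, "exact", 0

        n, t = len(query), self.threshold
        # |n - m| <= t * max(n, m) bounds the candidate lengths m to [n(1-t), n/(1-t)].
        lo = math.ceil(n * (1 - t))
        hi = math.floor(n / (1 - t))

        best, comparisons = None, 0
        for m in range(lo, hi + 1):
            for sig, family in self.by_len.get(m, ()):
                max_d = int(t * max(n, m))
                comparisons += 1
                d = edit_distance(query, sig, max_d)
                if d <= max_d and (best is None or d < best[1]):
                    best = (family, d)

        if best is None:
            return None, None, "approx", comparisons
        return best[0], best[1], "approx", comparisons


if __name__ == "__main__":
    matcher = FlowStringMatcher(KNOWN_SIGNATURES)
    for q in ("W{I{R}B}", "W{I{R}BB}", "IIIIIIII", "R"):
        print(q, "->", matcher.classify(q))
```

The `comparisons` count is what a practitioner should watch: an identical string costs zero distance computations, a near variant is compared only against the buckets whose length is feasible, and a query far outside the table's length range is rejected without any comparison at all. With a real table of hundreds of thousands of signatures the saving comes from the buckets that are skipped, not from the exact lookup alone.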
References
AV-TEST. http://www.av-test.org
MySQL reference. http://dev.mysql.com/doc/refman/5.7/en/index.html
Offensive computing. http://www.offensivecomputing.net
Reverse Engineering Compiler. http://www.backerstreet.com
Ultimate Packer for eXecutables. http://upx.sourceforge.net
Baeza-Yates, R., Navarro, G.: Fast approximate string matching in a dictionary. In: Proceedings of South American Symposium on String Processing and Information Retrieval, SPIRE 1998, pp. 14–22. IEEE (1998)
Cesare, S., Xiang, Y.: Classification of malware using structured control flow. In: Proceedings of Australasian Symposium on Parallel and Distributed Computing, AusPDC 2010, pp. 61–70. ACM (2010)
Cesare, S., Xiang, Y., Zhou, W.: Malwise–an effective and efficient classification system for packed and polymorphic malware. IEEE Trans. Comput. 62(6), 1193–1206 (2013)
Gusev, M., Ristov, S.: Matrix multiplication performance analysis in virtualized shared memory multiprocessor. In: Proceedings of 35th International Convention, MIPRO 2012, pp. 251–256. IEEE (2012)
Kim, T., Hwang, W., Kim, C., Shin, D.J., Park, K.W., Park, K.H.: Malfinder: accelerated malware classification system through filtering on manycore system. In: Proceedings of 1st International Conference on Information Systems Security and Privacy, ICISSP 2015, pp. 1–10 (2015)
Kim, T., Hwang, W., Park, K.W., Park, K.H.: I-Filter: identical structured control flow string filter for accelerated malware variant classification. In: Proceedings of International Symposium on Biometrics and Security Technologies, ISBAST 2014. IEEE (2014)
Kundu, S., Rangaswami, R., Dutta, K., Zhao, M.: Application performance modeling in a virtualized environment. In: Proceedings of 16th International Symposium on High Performance Computer Architecture, HPCA 2010, pp. 1–10. IEEE (2010)
Li, W., Godzik, A.: Cd-hit: a fast program for clustering and comparing large sets of protein or nucleotide sequences. Bioinformatics 22(13), 1658–1659 (2006)
Mohaisen, A., West, A.G., Mankin, A., Alrawi, O.: Chatter: classifying malware families using system event ordering. In: Proceedings of 2nd IEEE Conference on Communications and Network Security, CNS 2014, pp. 283–291. IEEE (2014)
O'Kane, P., Sezer, S., McLaughlin, K.: Obfuscation: the hidden malware. IEEE Secur. Priv. 9(5), 41–47 (2011)
Park, K.H., Hwang, W., Seok, H., Kim, C., Shin, D.J., Kim, D.J., Maeng, M.K., Kim, S.M.: MN-MATE: elastic resource management of manycores and a hybrid memory hierarchy for a cloud node. ACM J. Emerg. Technol. Comput. Syst. 12(1), 5 (2015)
Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles, SOSP 2003, pp. 164–177. ACM (2003)
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Kim, T., Park, K.W. (2015). MalCore: Toward a Practical Malware Identification System Enhanced with Manycore Technology. In: Camp, O., Weippl, E., Bidan, C., Aïmeur, E. (eds) Information Systems Security and Privacy. ICISSP 2015. Communications in Computer and Information Science, vol 576. Springer, Cham. https://doi.org/10.1007/978-3-319-27668-7_3
DOI: https://doi.org/10.1007/978-3-319-27668-7_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27667-0
Online ISBN: 978-3-319-27668-7
eBook Packages: Computer Science (R0)