
MalCore: Toward a Practical Malware Identification System Enhanced with Manycore Technology

Conference paper. Information Systems Security and Privacy (ICISSP 2015).

Part of the book series: Communications in Computer and Information Science (CCIS, volume 576)

Abstract

Many conventional control flow matching methods work well, but their latency becomes prohibitive as the number of malware variants soars. Even though many researchers have proposed control flow matching methods, there is still a trade-off between accuracy and performance. To alleviate this trade-off, we present a system called MalCore, which comprises three novel mechanisms, each aimed at making malware identification practical: I-Filter for identical structured control flow string matching, table division to exclude unnecessary comparisons with some malware, and cognitive resource allocation for efficient parallelism. Our performance evaluation shows a total performance improvement of 280.9 times. This work was undertaken on a real manycore computing platform called MN-MATE.



Corresponding author: Taegyu Kim.


Copyright information

© 2015 Springer International Publishing Switzerland

Cite this paper

Kim, T., Park, K.W. (2015). MalCore: Toward a Practical Malware Identification System Enhanced with Manycore Technology. In: Camp, O., Weippl, E., Bidan, C., Aïmeur, E. (eds) Information Systems Security and Privacy. ICISSP 2015. Communications in Computer and Information Science, vol 576. Springer, Cham. https://doi.org/10.1007/978-3-319-27668-7_3

  • DOI: https://doi.org/10.1007/978-3-319-27668-7_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27667-0

  • Online ISBN: 978-3-319-27668-7
