Abstract
Internet worms pose a serious threat to Internet security. To evade security detection and adapt to diverse target environments, attackers often modify existing worm code, producing variants of the original worm. It is therefore of practical significance to determine the cognate relationship between worms quickly and accurately. By extracting the semantic structure, attack behavior and propagation behavior of a worm, a worm feature set is generated, and a worm sensitive-behavior library is built using the idea of association analysis. On this basis, combining random forest with a sensitive-behavior matching algorithm, the homology relationship between worms is determined. The experimental results show that the proposed method fully guarantees the time performance of the algorithm and, moreover, further improves the accuracy of worm homology analysis.
Acknowledgments
This work was supported by the National Key R & D Program of China (Grant No. 2016YFB0801304).
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
Cite this paper
Wang, L., Xue, J., Cui, Y., Wang, Y., Shan, C. (2017). Homology Analysis Method of Worms Based on Attack and Propagation Features. In: Xu, M., Qin, Z., Yan, F., Fu, S. (eds) Trusted Computing and Information Security. CTCIS 2017. Communications in Computer and Information Science, vol 704. Springer, Singapore. https://doi.org/10.1007/978-981-10-7080-8_1
DOI: https://doi.org/10.1007/978-981-10-7080-8_1
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-7079-2
Online ISBN: 978-981-10-7080-8
eBook Packages: Computer Science (R0)