Title :
An efficient common substrings algorithm for on-the-fly behavior-based malware detection and analysis
Author :
Acosta, J.C. ; Mendoza, H. ; Medina, B.G.
Author_Institution :
White Sands Missile Range, U.S. Army Res. Lab., White Sands, NM, USA
Date :
Oct. 29 2012-Nov. 1 2012
Abstract :
It is well known that malware (worms, botnets, etc.) thrives on communication systems. Detecting and analyzing malware is a high-latency process, not well suited to real-time application, which is especially critical for propagating malware. For this reason, recent methods identify similarities among malware dynamic trace logs to extract malicious behavior snippets. These snippets can then be tagged by a human analyst and used to identify malware on-the-fly. A major problem with these methods is that they require extensive processing resources, largely because of the large amount of malware released each year (upwards of 17 million new instances in 2011). In this paper, we present an efficient algorithm for identifying common substrings in the dynamic trace events of malware collections. The algorithm finds common substrings between malware pairs in theoretical linear time by using parallel processing. The algorithm is implemented in CUDA, and results show a performance increase of up to 8 times compared to previous implementations.
Keywords :
invasive software; military communication; telecommunication security; common substrings algorithm; communication systems; dynamic trace events; human analyst; malicious behavior snippets; malware collections; malware dynamic trace logs; malware pairs; on-the-fly behavior-based malware detection; parallel processing; processing resources; Algorithm design and analysis; Graphics processing units; Heuristic algorithms; Instruction sets; Java; Malware; Runtime;
Conference_Title :
MILITARY COMMUNICATIONS CONFERENCE, 2012 - MILCOM 2012
Conference_Location :
Orlando, FL
Print_ISBN :
978-1-4673-1729-0
DOI :
10.1109/MILCOM.2012.6415819