DocumentCode :
652328
Title :
A Lightweight Design of Malware Behavior Representation
Author :
Yong Qiao ; Jie He ; Yuexiang Yang ; Lin Ji ; Chuan Tang
Author_Institution :
Sch. of Comput., Nat. Univ. of Defense Technol., Changsha, China
fYear :
2013
fDate :
16-18 July 2013
Firstpage :
1607
Lastpage :
1612
Abstract :
To encode malware behavior reports into accessible forms for further automatic analysis methods like data mining and machine, we proposed a lightweight design of malware behavior representation named BBIS (Bytes-Based Instruction Set), which can utilize least single-byte characters to represent the items in dynamic behavior reports. BBIS is able to build a flexible mapping table for different application scenarios. Experiments show that BBIS can significantly reduce the computation and storage cost while keeping the performance of clustering compared with existing methods. Moreover, a method called CHRL (Compression of High Repetitions in Logarithmic level) is introduced to compress frequently seen repetitions in unexpected API call sequences. In combination with BBIS, CHRL can further reduce the size of behavior reports significantly and consequently reduce the computation time while keeping or improving the performance of further malware analysis like clustering.
Keywords :
application program interfaces; invasive software; pattern clustering; API call sequences; BBIS; CHRL; bytes-based instruction set; clustering performance; compression of high repetitions in logarithmic level; computation cost reduction; dynamic behavior reports; flexible mapping table; lightweight design; malware behavior report encoding; malware behavior representation; single-byte characters; storage cost reduction; Data mining; Educational institutions; Encoding; Equations; Malware; Monitoring; Tin; Byte-based instruction set; Clustering; Compression of high repetitions; Malware behavior representation;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on
Conference_Location :
Melbourne, VIC
Type :
conf
DOI :
10.1109/TrustCom.2013.198
Filename :
6681023