Automatic signature analysis and generation for large-scale network malware

Author

Wen Wang ; Xiaofeng Wang ; Huabiao Lu ; Jinshu Su

Author_Institution

Sch. of Comput., Nat. Univ. of Defense Technol. Changsha, Changsha, China

fYear

2012

fDate

7-9 Dec. 2012

Firstpage

1

Lastpage

5

Abstract

Due to the rapid propagation of the network malwares and their severe threat, it is crucial to detect them and automatically generate their signatures in the early stage of the infection. Most existing approaches for automatic signature generation are based on the byte sequences in the flows, which usually has a great computation and memory overhead and cannot work well in presence of noise. In this paper, we present a method for large-scale malware analysis with feature extraction based on hashed matrix. Moreover, we propose the automatic signature generation using the Bayesian signature selection within clusters. Our evaluation shows that the proposed method can speed up the typical malware signature generation with less memory consumption. In addition, it has a comparably higher accuracy than previous approaches and is more noise-tolerant.

Keywords

Bayes methods; computer network security; cryptography; digital signatures; feature extraction; invasive software; Bayesian signature selection; automatic malware signature analysis; automatic malware signature generation; byte sequences; computation overhead; feature extraction; hashed matrix; large-scale malware analysis; large-scale network malware propagation; memory consumption; memory overhead; Automatic Signature Generation; Bayesian Selection; Feature Hashing;

fLanguage

English

Publisher

iet

Conference_Titel

Information Science and Control Engineering 2012 (ICISCE 2012), IET International Conference on

Conference_Location

Shenzhen

Electronic_ISBN

978-1-84919-641-3

Type

conf

DOI

10.1049/cp.2012.2440

Filename

6755819