
An Approach to Selecting an Informative Feature in Software Identification

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 11118)

Abstract

Statement of Research. The need to reduce the growing number of system vulnerabilities caused by unauthorized software installed on computer equipment necessitates the development of an approach to automating the audit of data-storage media. The article describes an approach to identifying informative assembly instructions. It also shows how the feature chosen to create a unified program signature influences the identification result.

Methods. Informativeness is calculated with the Shannon method, which determines feature informativeness for an arbitrary number of object classes and does not depend on the sample size of the observed features. ELF files were identified by applying the statistical chi-squared test of homogeneity.

Main Findings. Quantitative characteristics of informativeness have been obtained for 118 assembly instructions. Experimental results of executable file identification have been analyzed for 10 different features used to create program signatures, with the signatures compared by means of the chi-squared test of homogeneity at significance levels p = 0.05 and p = 0.01.

Practical Relevance. The importance of using a particular feature in program signature creation has been established, as well as the possibility of considering several executable file signatures together to give a summative assessment of whether they belong to a certain program.
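The identification step named in the abstract, as an added example that is not code from the paper: a chi-squared test of homogeneity over two instruction-frequency signatures, evaluated at both significance levels. The mnemonic-count signature layout, all counts and the function names are constructed assumptions; the paper's own signature construction is not given on this page.

```python
# Added illustration; signatures are assumed to be mnemonic -> count maps.
# Upper-tail chi-squared critical values for 5 degrees of freedom.
CRITICAL_DF5 = {0.05: 11.070, 0.01: 15.086}

# Constructed sample signatures (not measurements from the paper).
REFERENCE = {"mov": 400, "push": 150, "call": 120, "jmp": 90, "add": 140, "cmp": 100}
REBUILD = {"mov": 205, "push": 70, "call": 62, "jmp": 48, "add": 66, "cmp": 49}
BORDERLINE = {"mov": 170, "push": 100, "call": 50, "jmp": 55, "add": 85, "cmp": 40}
OTHER = {"mov": 150, "push": 120, "call": 40, "jmp": 60, "add": 90, "cmp": 40}


def chi2_homogeneity(sig_a, sig_b):
    """Return (statistic, degrees of freedom) for two count signatures."""
    n, m = sum(sig_a.values()), sum(sig_b.values())
    if n == 0 or m == 0:
        raise ValueError("empty signature")
    total, categories = 0.0, 0
    for key in sorted(set(sig_a) | set(sig_b)):
        a, b = sig_a.get(key, 0), sig_b.get(key, 0)
        if a + b == 0:  # instruction absent from both files: no information
            continue
        total += (a / n - b / m) ** 2 / (a + b)
        categories += 1
    return n * m * total, categories - 1


def is_homogeneous(sig_a, sig_b, alpha):
    """True when the hypothesis 'same program' is not rejected at alpha."""
    stat, df = chi2_homogeneity(sig_a, sig_b)
    if df != 5:
        raise ValueError("critical values are tabulated for df=5 only")
    return stat < CRITICAL_DF5[alpha]


if __name__ == "__main__":
    for name, sig in (("rebuild", REBUILD), ("borderline", BORDERLINE), ("other", OTHER)):
        stat, df = chi2_homogeneity(REFERENCE, sig)
        verdicts = {a: is_homogeneous(REFERENCE, sig, a) for a in CRITICAL_DF5}
        print(f"{name}: chi2={stat:.3f} df={df} accepted={verdicts}")
```

The borderline signature is rejected at p = 0.05 but accepted at p = 0.01, because the lower significance level raises the critical value the statistic must exceed before homogeneity is rejected.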




Corresponding author

Correspondence to Kseniya Salakhutdinova.


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Salakhutdinova, K., Krivtsova, I., Lebedev, I., Sukhoparov, M. (2018). An Approach to Selecting an Informative Feature in Software Identification. In: Galinina, O., Andreev, S., Balandin, S., Koucheryavy, Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networks and Systems. NEW2AN ruSMART 2018. Lecture Notes in Computer Science, vol 11118. Springer, Cham. https://doi.org/10.1007/978-3-030-01168-0_30


  • DOI: https://doi.org/10.1007/978-3-030-01168-0_30


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01167-3

  • Online ISBN: 978-3-030-01168-0

  • eBook Packages: Computer Science, Computer Science (R0)
