Malware Signature Generation Using Locality Sensitive Hashing

  • Conference paper
Security and Privacy (ISEA-ISAP 2019)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 939)

Abstract

Security threats from malicious executables are becoming more serious, and many researchers are working on combating malware attacks. Meanwhile, malicious users aim to increase their use of polymorphic and metamorphic malware in order to raise the cost of analysis and avoid identification by anti-malware tools. Because the different polymorphic variants of a malware family are intuitively similar, clustering is an effective approach to this problem, and it can accordingly reduce the number of signatures. Therefore, we have leveraged the suffix tree structure and Locality Sensitive Hashing (LSH) to linearly cluster malicious programs and to reduce the number of signatures significantly.




Correspondence to Mohammad Hadi Alaeiyan.


© 2019 Springer Nature Singapore Pte Ltd.

Cite this paper

Naderi, H., Vinod, P., Conti, M., Parsa, S., Alaeiyan, M.H. (2019). Malware Signature Generation Using Locality Sensitive Hashing. In: Nandi, S., Jinwala, D., Singh, V., Laxmi, V., Gaur, M., Faruki, P. (eds) Security and Privacy. ISEA-ISAP 2019. Communications in Computer and Information Science, vol 939. Springer, Singapore. https://doi.org/10.1007/978-981-13-7561-3_9

  • DOI: https://doi.org/10.1007/978-981-13-7561-3_9

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-7560-6

  • Online ISBN: 978-981-13-7561-3

  • eBook Packages: Computer Science (R0)
