Abstract
Security threats due to malicious executable are getting more serious. A lot of researchers are interested in combating malware attacks. In contrast, malicious users aim to increase the usage of polymorphism and metamorphism malware in order to increase the analysis cost and prevent being identified by anti-malware tools. Due to the intuitive similarity between different polymorphisms of a malware family, clustering is an effective approach to deal with this problem. Clustering accordingly is able to reduce the number of signatures. Therefore, we have leveraged the Suffix tree structure and Locality Sensitive Hashing (LSH) to linearly cluster malicious programs and to reduce the number of signatures significantly.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
G-data. https://www.gdatasoftware.com/blog/2018/03/30610-malware-number-2017. Accessed 25 July 2018
Kaspersky lab. https://usa.kaspersky.com/about/press-releases/2017_kaspersky-lab-number-of-the-year. Accessed 25 July 2018
virusshare. www.virusshare.com. Accessed 6 Sept 2017
Abou-Assaleh, T., Cercone, N., Keselj, V., Sweidan, R.: N-gram-based detection of new malicious code. In: Proceedings of the 28th Annual International Computer Software and Applications Conference, COMPSAC 2004, vol. 2, pp. 41–42. IEEE (2004)
Chvatal, V., Sankoff, D.: Longest common subsequences of two random sequences. J. Appl. Probab. 12(2), 306–315 (1975)
Collberg, C.S., Thomborson, C.: Watermarking, tamper-proofing, and obfuscation-tools for software protection. IEEE Trans. Softw. Eng. 28(8), 735–746 (2002)
Dalla Preda, M.: Code obfuscation and malware detection by abstract interpretation. Ph.D. diss. (2007). http://profs.sci.univr.it/dallapre/MilaDallaPreda_PhD.pdf
Drew, J., Hahsler, M., Moore, T.: Polymorphic malware detection using sequence classification methods and ensembles. EURASIP J. Inf. Secur. 2017(1), 2 (2017)
Gandotra, E., Singla, S., Bansal, D., Sofat, S.: Clustering morphed malware using opcode sequence pattern matching. Recent Patents Eng. 12(1), 30–36 (2018)
Kolosnjaji, B., Eraisha, G., Webster, G., Zarras, A., Eckert, C.: Empowering convolutional networks for malware classification and analysis. In: 2017 International Joint Conference on Neural Networks (IJCNN), pp. 3838–3845. IEEE (2017)
Leskovec, J., Rajaraman, A., Ullman, J.D.: Mining of Massive Datasets. Cambridge University Press, Cambridge (2014)
Miao, Q., Liu, J., Cao, Y., Song, J.: Malware detection using bilayer behavior abstraction and improved one-class support vector machines. Int. J. Inf. Secur. 15(4), 361–379 (2016)
Newsome, J., Karp, B., Song, D.: Polygraph: automatically generating signatures for polymorphic worms. In: 2005 IEEE symposium on Security and privacy, pp. 226–241. IEEE (2005)
Oprişa, C., Cabău, G., Pal, G.S.: Malware clustering using suffix trees. J. Comput. Virol. Hack. Tech. 12(1), 1–10 (2016)
Oprisa, C., Checiches, M., Nandrean, A.: Locality-sensitive hashing optimizations for fast malware clustering. In: 2014 IEEE International Conference on Intelligent Computer Communication and Processing (ICCP), pp. 97–104. IEEE (2014)
Sharma, S., Rama Krishna, C., Sahay, S.K.: Detection of advanced malware by machine learning techniques. In: Ray, K., Sharma, T.K., Rawat, S., Saini, R.K., Bandyopadhyay, A. (eds.) Soft Computing: Theories and Applications. AISC, vol. 742, pp. 333–342. Springer, Singapore (2019). https://doi.org/10.1007/978-981-13-0589-4_31
Wang, T., Xu, N.: Malware variants detection based on opcode image recognition in small training set. In: 2017 IEEE 2nd International Conference on Cloud Computing and Big Data Analysis (ICCCBDA), pp. 328–332. IEEE (2017)
Zhang, J., Qin, Z., Zhang, K., Yin, H., Zou, J.: Dalvik opcode graph based android malware variants detection using global topology features. IEEE Access 6, 51964–51974 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Naderi, H., Vinod, P., Conti, M., Parsa, S., Alaeiyan, M.H. (2019). Malware Signature Generation Using Locality Sensitive Hashing. In: Nandi, S., Jinwala, D., Singh, V., Laxmi, V., Gaur, M., Faruki, P. (eds) Security and Privacy. ISEA-ISAP 2019. Communications in Computer and Information Science, vol 939. Springer, Singapore. https://doi.org/10.1007/978-981-13-7561-3_9
Download citation
DOI: https://doi.org/10.1007/978-981-13-7561-3_9
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-7560-6
Online ISBN: 978-981-13-7561-3
eBook Packages: Computer ScienceComputer Science (R0)