Research on malicious code variants detection based on texture fingerprint
A texture-fingerprint-based approach is proposed to extract or detect the feature from malware content. The texture fingerprint of a malware is the set of texture fingerprints for each uncompressed gray-scale image block. The malicious code is mapped to uncompressed gray-scale image by integrating...
Main Authors: | , , , , |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2014-08-01 |
Series: | Tongxin xuebao |
Subjects: | |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.08.016/ |
_version_ | 1841539194748403712 |
---|---|
author | Xiao-guang HAN, Wu QU, Xuan-xia YAO, Chang-you GUO, Fang ZHOU |
author_facet | Xiao-guang HAN, Wu QU, Xuan-xia YAO, Chang-you GUO, Fang ZHOU |
author_sort | Xiao-guang HAN |
collection | DOAJ |
description | A texture-fingerprint-based approach is proposed to extract or detect the feature from malware content. The texture fingerprint of a malware is the set of texture fingerprints for each uncompressed gray-scale image block. The malicious code is mapped to an uncompressed gray-scale image by integrating image analysis techniques and variants of malicious code detection technology. The uncompressed gray-scale image is partitioned into blocks by the texture segmentation algorithm. The texture fingerprints for each uncompressed gray-scale image block are extracted by the gray-scale co-occurrence matrix algorithm. Afterwards, the index structure for fingerprint texture is built on the statistical analysis of general texture fingerprints of malicious code samples. In the detection phase, according to the generation policy for malicious code texture fingerprint, the prototype system for texture fingerprint extraction and detection is constructed by employing the integrated weight method to multi-segmented texture fingerprint similarity matching to detect variants and unknown malicious codes. Experimental results show that the malware variants detection system based on the proposed approach has good performance not only in speed and accuracy but also in identifying malware variants. |
format | Article |
id | doaj-art-584acd7716454340bc117b8a23f6d073 |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2014-08-01 |
publisher | Editorial Department of Journal on Communications |
record_format | Article |
series | Tongxin xuebao |
spelling | doaj-art-584acd7716454340bc117b8a23f6d0732025-01-14T07:25:20ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2014-08-013512513659683497Research on malicious code variants detection based on texture fingerprintXiao-guang HANWu QUXuan-xia YAOChang-you GUOFang ZHOUA texture-fingerprint-based approach is proposed to extract or detect the feature from malware content. The texture fingerprint of a malware is the set of texture fingerprints for each uncompressed gray-scale image block. The malicious code is mapped to uncompressed gray-scale image by integrating image analysis techniques and variants of malicious code detection technology. The uncompressed gray-scale image is partitioned into blocks by the texture segmentation algorithm. The texture fingerprints for each uncompressed gray-scale image block is extracted by gray-scale co-occurrence matrix algorithm. Afterwards, the index structure for fingerprint texture is built on the statistical analysis of general texture fingerprints of malicious code samples. In the detection phase, according to the generation policy for malicious code texture fingerprint, the prototype system for texture fingerprint extraction and detection is constructed by employing the integrated weight method to multi-segmented texture fingerprint similarity matching to detect variants and unknown malicious codes. Experimental results show that the malware variants detection system based on the proposed approach has good performance not only in speed and accuracy but also in identifying malware variants.http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.08.016/network securitymalware variants detectiontexture fingerprintspatial similarity retrieval |
spellingShingle | Xiao-guang HAN, Wu QU, Xuan-xia YAO, Chang-you GUO, Fang ZHOU Research on malicious code variants detection based on texture fingerprint Tongxin xuebao network security malware variants detection texture fingerprint spatial similarity retrieval |
title | Research on malicious code variants detection based on texture fingerprint |
title_full | Research on malicious code variants detection based on texture fingerprint |
title_fullStr | Research on malicious code variants detection based on texture fingerprint |
title_full_unstemmed | Research on malicious code variants detection based on texture fingerprint |
title_short | Research on malicious code variants detection based on texture fingerprint |
title_sort | research on malicious code variants detection based on texture fingerprint |
topic | network security malware variants detection texture fingerprint spatial similarity retrieval |
url | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.08.016/ |
work_keys_str_mv | AT xiaoguanghan researchonmaliciouscodevariantsdetectionbasedontexturefingerprint AT uwuq researchonmaliciouscodevariantsdetectionbasedontexturefingerprint AT aoxuanxiay researchonmaliciouscodevariantsdetectionbasedontexturefingerprint AT uochangyoug researchonmaliciouscodevariantsdetectionbasedontexturefingerprint AT fangzhou researchonmaliciouscodevariantsdetectionbasedontexturefingerprint |