Incremental clustering method based on Gaussian mixture model to identify malware family


Bibliographic Details
Main Authors: Jianwei HU, Xin CHE, Man ZHOU, Yanpeng CUI
Format: Article
Language: zho
Published: Editorial Department of Journal on Communications 2019-06-01
Series: Tongxin xuebao
Subjects:
Online Access:http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2019135/
Description
Summary: Because malware belonging to the same family shares logically similar behavioral characteristics, the characteristics of malware were extracted by tracking the logical rules of API function calls from the perspective of behavior detection, and static analysis and dynamic analysis were combined to analyze malicious behavior characteristics. In addition, according to the purpose, inheritance and diversity of a malware family, the transitive closure relationship of the malware family was constructed, and the incremental clustering method based on the Gaussian mixture model was then improved to identify the malware family. Experiments show that the proposed method not only saves storage space for malware detection, but also significantly improves detection accuracy and recognition efficiency.
ISSN: 1000-436X