Incremental clustering method based on Gaussian mixture model to identify malware family
Aiming at the logical similarity of the behavioral characteristics of malware belonging to the same family,the characteristics of malware were extracted by tracking the logic rules of API function call from the perspective of behavior detection,and the static analysis and dynamic analysis methods we...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2019-06-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2019135/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539369282830336 |
|---|---|
| author | Jianwei HU Xin CHE Man ZHOU Yanpeng CUI |
| author_facet | Jianwei HU Xin CHE Man ZHOU Yanpeng CUI |
| author_sort | Jianwei HU |
| collection | DOAJ |
| description | Aiming at the logical similarity of the behavioral characteristics of malware belonging to the same family,the characteristics of malware were extracted by tracking the logic rules of API function call from the perspective of behavior detection,and the static analysis and dynamic analysis methods were combined to analyze malicious behavior characteristics.In addition,according to the purpose,inheritance and diversity of the malware family,the transitive closure relationship of the malware family was constructed,and then the incremental clustering method based on Gaussian mixture model was improved to identify the malware family.Experiments show that the proposed method can not only save the storage space of malware detection,but also significantly improve the detection accuracy and recognition efficiency. |
| format | Article |
| id | doaj-art-a10a1fe877024743a4845a977dec2cea |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2019-06-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-a10a1fe877024743a4845a977dec2cea2025-01-14T07:17:11ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2019-06-014014815959727866Incremental clustering method based on Gaussian mixture model to identify malware familyJianwei HUXin CHEMan ZHOUYanpeng CUIAiming at the logical similarity of the behavioral characteristics of malware belonging to the same family,the characteristics of malware were extracted by tracking the logic rules of API function call from the perspective of behavior detection,and the static analysis and dynamic analysis methods were combined to analyze malicious behavior characteristics.In addition,according to the purpose,inheritance and diversity of the malware family,the transitive closure relationship of the malware family was constructed,and then the incremental clustering method based on Gaussian mixture model was improved to identify the malware family.Experiments show that the proposed method can not only save the storage space of malware detection,but also significantly improve the detection accuracy and recognition efficiency.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2019135/malware familyGaussian mixture modelincremental clusteringAPI function calllogic rule |
| spellingShingle | Jianwei HU Xin CHE Man ZHOU Yanpeng CUI Incremental clustering method based on Gaussian mixture model to identify malware family Tongxin xuebao malware family Gaussian mixture model incremental clustering API function call logic rule |
| title | Incremental clustering method based on Gaussian mixture model to identify malware family |
| title_full | Incremental clustering method based on Gaussian mixture model to identify malware family |
| title_fullStr | Incremental clustering method based on Gaussian mixture model to identify malware family |
| title_full_unstemmed | Incremental clustering method based on Gaussian mixture model to identify malware family |
| title_short | Incremental clustering method based on Gaussian mixture model to identify malware family |
| title_sort | incremental clustering method based on gaussian mixture model to identify malware family |
| topic | malware family Gaussian mixture model incremental clustering API function call logic rule |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2019135/ |
| work_keys_str_mv | AT jianweihu incrementalclusteringmethodbasedongaussianmixturemodeltoidentifymalwarefamily AT xinche incrementalclusteringmethodbasedongaussianmixturemodeltoidentifymalwarefamily AT manzhou incrementalclusteringmethodbasedongaussianmixturemodeltoidentifymalwarefamily AT yanpengcui incrementalclusteringmethodbasedongaussianmixturemodeltoidentifymalwarefamily |