Cargando…
Malware homology determination using visualized images and feature fusion
The family homology determination of malware has become a research hotspot as the number of malware variants are on the rise. However, existing studies on malware visualization only determines homology based on the global structure features of executable, which leads creators of some malware variant...
| Autores principales: | , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
PeerJ Inc.
2021
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8056249/ https://www.ncbi.nlm.nih.gov/pubmed/33977134 http://dx.doi.org/10.7717/peerj-cs.494 |
| _version_ | 1783680613842157568 |
|---|---|
| author | Zhu, Xuejin Huang, Jie Wang, Bin Qi, Chunyang |
| author_facet | Zhu, Xuejin Huang, Jie Wang, Bin Qi, Chunyang |
| author_sort | Zhu, Xuejin |
| collection | PubMed |
| description | The family homology determination of malware has become a research hotspot as the number of malware variants are on the rise. However, existing studies on malware visualization only determines homology based on the global structure features of executable, which leads creators of some malware variants with the same structure intentionally set to misclassify them as the same family. We sought to develop a homology determination method using the fusion of global structure features and local fine-grained features based on malware visualization. Specifically, the global structural information of the malware executable file was converted into a bytecode image, and the opcode semantic information of the code segment was extracted by the n-gram feature model to generate an opcode image. We also propose a dual-branch convolutional neural network, which features the opcode image and bytecode image as the final family classification basis. Our results demonstrate that the accuracy and F-measure of family homology classification based on the proposed scheme are 99.05% and 98.52% accurate, respectively, which is better than the results from a single image feature or other major schemes. |
| format | Online Article Text |
| id | pubmed-8056249 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2021 |
| publisher | PeerJ Inc. |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-80562492021-05-10 Malware homology determination using visualized images and feature fusion Zhu, Xuejin Huang, Jie Wang, Bin Qi, Chunyang PeerJ Comput Sci Computer Networks and Communications The family homology determination of malware has become a research hotspot as the number of malware variants are on the rise. However, existing studies on malware visualization only determines homology based on the global structure features of executable, which leads creators of some malware variants with the same structure intentionally set to misclassify them as the same family. We sought to develop a homology determination method using the fusion of global structure features and local fine-grained features based on malware visualization. Specifically, the global structural information of the malware executable file was converted into a bytecode image, and the opcode semantic information of the code segment was extracted by the n-gram feature model to generate an opcode image. We also propose a dual-branch convolutional neural network, which features the opcode image and bytecode image as the final family classification basis. Our results demonstrate that the accuracy and F-measure of family homology classification based on the proposed scheme are 99.05% and 98.52% accurate, respectively, which is better than the results from a single image feature or other major schemes. PeerJ Inc. 2021-04-15 /pmc/articles/PMC8056249/ /pubmed/33977134 http://dx.doi.org/10.7717/peerj-cs.494 Text en © 2021 Zhu et al. https://creativecommons.org/licenses/by/4.0/This is an open access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, reproduction and adaptation in any medium and for any purpose provided that it is properly attributed. For attribution, the original author(s), title, publication source (PeerJ Computer Science) and either DOI or URL of the article must be cited. |
| spellingShingle | Computer Networks and Communications Zhu, Xuejin Huang, Jie Wang, Bin Qi, Chunyang Malware homology determination using visualized images and feature fusion |
| title | Malware homology determination using visualized images and feature fusion |
| title_full | Malware homology determination using visualized images and feature fusion |
| title_fullStr | Malware homology determination using visualized images and feature fusion |
| title_full_unstemmed | Malware homology determination using visualized images and feature fusion |
| title_short | Malware homology determination using visualized images and feature fusion |
| title_sort | malware homology determination using visualized images and feature fusion |
| topic | Computer Networks and Communications |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8056249/ https://www.ncbi.nlm.nih.gov/pubmed/33977134 http://dx.doi.org/10.7717/peerj-cs.494 |
| work_keys_str_mv | AT zhuxuejin malwarehomologydeterminationusingvisualizedimagesandfeaturefusion AT huangjie malwarehomologydeterminationusingvisualizedimagesandfeaturefusion AT wangbin malwarehomologydeterminationusingvisualizedimagesandfeaturefusion AT qichunyang malwarehomologydeterminationusingvisualizedimagesandfeaturefusion |