Computer Engineering and Applications (计算机工程与应用) ›› 2014, Vol. 50 ›› Issue (18): 118-121.

• Network, Communication, Security •

Research on familial clustering of massive malware samples

ZHAO Yuehua (赵跃华), LIN Juwei (林聚伟)

  1. School of Computer Science and Telecommunication Engineering, Jiangsu University, Zhenjiang, Jiangsu 212013, China
  • Online: 2014-09-15   Published: 2014-09-12

Abstract: Anti-malware vendors receive thousands of malware samples every day, so grouping this flood of samples into families quickly and effectively is a pressing problem. A scalable clustering approach is proposed: given the vectorized feature set of the incoming samples, a locality-sensitive hashing (LSH) index performs a first, rapid clustering pass, and an extended K-means algorithm then performs a second, finer clustering pass. Experiments show that the approach greatly improves the time efficiency of malware clustering at a limited cost in accuracy.

Key words: malware family, scalable clustering, Locality Sensitive Hashing (LSH), extended K-means
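The two-pass scheme the abstract describes (an LSH index for a rapid coarse pass, K-means for the fine pass), as an added example. It is not the authors' code, and the page does not give their feature extraction, LSH family or "extended K-means" variant, so the example vectorizes a constructed set of imported API names, uses random-hyperplane (cosine) LSH with union-find across tables for the coarse pass, and plain Lloyd K-means with farthest-point seeding for the fine pass. All sample data, function names and parameter values (bits, tables, seed, the sqrt(n/2) choice of k) are assumptions:

```python
"""Two-pass malware clustering: an LSH pass that groups candidates cheaply, then
K-means inside each group. Added illustration, not the authors' code; the paper's
"extended K-means" is not described on this page, so plain Lloyd K-means stands in."""
import math
import random
from collections import defaultdict

# Constructed sample set (not real malware data): each sample is the set of API names
# in its import table. s01/s02 are identical (repacked duplicate), s03 a near variant.
SAMPLES = {
    "s01": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "s02": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "s03": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "Sleep"},
    "s04": {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "CreateFileA", "WriteFile"},
    "s05": {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "CreateFileA"},
    "s06": {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "WriteFile", "WinExec"},
    "s07": {"RegOpenKeyExA", "RegSetValueExA", "RegCloseKey", "GetVolumeInformationA"},
    "s08": {"RegOpenKeyExA", "RegSetValueExA", "RegCloseKey", "GetComputerNameA"},
}

def vectorize(samples):
    """Binary bag-of-APIs vector per sample, one column per API in the corpus."""
    vocab = sorted(set().union(*samples.values()))
    return {sid: [1.0 if name in apis else 0.0 for name in vocab] for sid, apis in samples.items()}

def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def sign_signature(v, planes):
    """Random-hyperplane LSH: one bit per plane, recording which side v lies on.
    Two vectors agree on a bit with probability 1 - angle/pi (cosine similarity)."""
    return tuple(1 if sum(x * y for x, y in zip(v, h)) >= 0 else 0 for h in planes)

def lsh_groups(vectors, bits=6, tables=8, seed=7):
    """Coarse pass: hash every sample into `tables` tables of `bits`-bit signatures and
    union-find samples that share a bucket in any table. No pairwise distances needed."""
    dim = len(next(iter(vectors.values())))
    rng = random.Random(seed)
    parent = {sid: sid for sid in vectors}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for _ in range(tables):
        planes = [[rng.gauss(0.0, 1.0) for _ in range(dim)] for _ in range(bits)]
        buckets = defaultdict(list)
        for sid, v in vectors.items():
            buckets[sign_signature(v, planes)].append(sid)
        for members in buckets.values():
            for other in members[1:]:
                parent[find(other)] = find(members[0])
    groups = defaultdict(list)
    for sid in vectors:
        groups[find(sid)].append(sid)
    return [sorted(g) for g in groups.values()]

def kmeans(points, k, iters=50):
    """Fine pass: Lloyd's K-means over a dict id -> vector; returns lists of ids.
    Seeds: first id, then repeatedly the point farthest from the seeds so far (deterministic)."""
    ids = sorted(points)
    centroids = [points[ids[0]]]
    while len(centroids) < min(k, len(ids)):
        far = max(ids, key=lambda i: min(sq_dist(points[i], c) for c in centroids))
        if min(sq_dist(points[far], c) for c in centroids) == 0.0:
            break  # every remaining point duplicates a seed: fewer than k clusters
        centroids.append(points[far])
    assign = {}
    for _ in range(iters):
        new = {i: min(range(len(centroids)), key=lambda c: sq_dist(points[i], centroids[c]))
               for i in ids}
        if new == assign:
            break
        assign = new
        for c in range(len(centroids)):
            members = [points[i] for i in ids if assign[i] == c]
            if members:
                centroids[c] = [sum(col) / len(members) for col in zip(*members)]
    clusters = defaultdict(list)
    for i in ids:
        clusters[assign[i]].append(i)
    return [clusters[c] for c in sorted(clusters)]

def cluster_samples(samples, **lsh_kwargs):
    """Whole pipeline; k per coarse group uses the sqrt(n/2) rule of thumb (an
    assumption, since the paper's choice of k is not stated on this page)."""
    vectors = vectorize(samples)
    families = []
    for group in lsh_groups(vectors, **lsh_kwargs):
        k = max(1, round(math.sqrt(len(group) / 2)))
        families.extend(kmeans({sid: vectors[sid] for sid in group}, k))
    return sorted(families)

if __name__ == "__main__":
    for family in cluster_samples(SAMPLES):
        print(family)
```

Running the file prints the families found. The time/accuracy trade-off the abstract mentions sits in `bits` and `tables`: more bits per signature make buckets smaller and the K-means pass cheaper, but a near variant then collides with its family only with probability 1 - (1 - p^bits)^tables, where p = 1 - angle/pi, so it can be missed; more tables raise recall at linear cost. Exact duplicates (here s01 and s02) collide in every table whatever the parameters, while unrelated samples still collide occasionally, which is why a distance-based fine pass follows the hash pass.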