Similarity Analysis of Malicious Programs Based on Two Dimensional Characteristics of Programs

doi:10.3778/j.issn.1002-8331.2004-0259

Computer Engineering and Applications ›› 2021, Vol. 57 ›› Issue (1): 118-125.DOI: 10.3778/j.issn.1002-8331.2004-0259

Previous Articles Next Articles

Similarity Analysis of Malicious Programs Based on Two Dimensional Characteristics of Programs

REN Yichen, XIAO Da

1.School of Cyberspace Security, Beijing University of Post and Telecommunications, Beijing 100876, China
2.National Engineering Lab for Mobile Network Security, Beijing 100876, China

Online:2021-01-01 Published:2020-12-31

基于程序双维度特征的恶意程序相似性分析

任益辰，肖达

1.北京邮电大学网络空间安全学院，北京 100876
2.移动互联网安全技术国家工程实验室，北京 100876

Abstract

Abstract:

Most of malwares in cyberspace are not developed by the attacker, but based on the previous version to modify or directly combined from multiple malicious code. Therefore, similarity analysis is particularly important to detect malwares. Usually, only one single kind of malware characteristics is used to analyze the similarity of procedures, which can not fully identify the effective characteristics of procedures. So this paper proposes a program similarity analysis method which considers the semantic features of the basic block set of dynamic instructions and the structural features of the control flow graph. It analyzes the similarity of malicious programs from the semantic and structural dimensions, which can reach high accuracy and reliability.

Key words: malware, similarity, semantic features, structure features

摘要：

网络空间中充斥着大量的恶意代码，其中大部分恶意程序都不是攻击者自主开发的，而是在以往版本的基础上进行改动或直接组合多个恶意代码，因此在恶意程序检测中，相似性分析变的尤为重要。研究人员往往单一种类的信息对程序相似性进行分析，不能全面地考量程序的有效特征。针对以上情况，提出综合考虑动态指令基本块集合的语义特征和控制流图的结构特征的程序相似性分析方法，从语义和结构两个维度对恶意程序相似性进行分析，具有较高的准确度和可靠性。

关键词: 恶意程序, 相似性, 语义特征, 结构特征

REN Yichen, XIAO Da. Similarity Analysis of Malicious Programs Based on Two Dimensional Characteristics of Programs[J]. Computer Engineering and Applications, 2021, 57(1): 118-125.

任益辰，肖达. 基于程序双维度特征的恶意程序相似性分析[J]. 计算机工程与应用, 2021, 57(1): 118-125.

[1]	ZHANG Qishan, CHEN Lulu. Slope One Algorithm Based on Grey Correlational Analysis by Method of Degree of Balance and Approach [J]. Computer Engineering and Applications, 2021, 57(9): 96-102.
[2]	WANG Yonggui, LI Qianyu. Hybrid Collaborative Filtering Recommendation Algorithm Based on KNN-GBDT [J]. Computer Engineering and Applications, 2021, 57(9): 103-108.
[3]	ZHANG Songcan, PU Jiexin, SI Yanna, SUN Lifan. Adaptive Improved Ant Colony Algorithm Based on Population Similarity and Its Application [J]. Computer Engineering and Applications, 2021, 57(8): 70-77.
[4]	ZHANG Xiaowen, REN Yongfeng. Image Matching Algorithm Combining Sparse Representation and Topological Similarity [J]. Computer Engineering and Applications, 2021, 57(8): 198-203.
[5]	ZHANG Fuliang, LIANG Yiwen, TAN Chengyu. Artificial Natural Killer Cell Detection Model for Android Malware [J]. Computer Engineering and Applications, 2021, 57(6): 74-80.
[6]	YANG Fang, YIN Xi, SI Jianhui, LIU Hongyuan, WANG Xue. Mathematical Expression Similarity Calculation Method Based on Focus Clustering [J]. Computer Engineering and Applications, 2021, 57(6): 88-93.
[7]	QIAN Yunyun, YANG Wenzhong, YAO Miao, LI Hailei, CHAI Yachuang. Topic Community Discovery Model Incorporating Topic Similarity Weight [J]. Computer Engineering and Applications, 2021, 57(5): 107-114.
[8]	JIANG Bin, LIANG Xiao’an, ZHANG Liang, GAO Yangjun. Evidence Combination Method Based on Improved Modified Weight [J]. Computer Engineering and Applications, 2021, 57(24): 100-106.
[9]	TIAN Wei’an, CHEN Hongmei, ZHOU Lihua. Diversified Recommendation Method Based on Similar Users’Curiosity [J]. Computer Engineering and Applications, 2021, 57(23): 113-121.
[10]	WANG Yulian, LU Mingming. Interpretable Automatic Detection of Android Malware Based on Graph Embedding [J]. Computer Engineering and Applications, 2021, 57(23): 122-128.
[11]	CHEN Xiaohan, WEI Shuning, QIN Zhengze. Malware Family Classification Based on Deep Learning Visualization [J]. Computer Engineering and Applications, 2021, 57(22): 131-138.
[12]	LIANG Tian, CAO Dexin. Improved and Simplified Particle Swarm Optimization Algorithm Based on Levy Flight [J]. Computer Engineering and Applications, 2021, 57(20): 188-196.
[13]	WEI Dingfeng, LI Liang, CHAI Jing. Social Recommendation Algorithm by Fusing Item Information [J]. Computer Engineering and Applications, 2021, 57(19): 198-204.
[14]	REN Zhuojun, CHEN Guang, LU Wenke. Research on Visualization Method of Malware Opcodes [J]. Computer Engineering and Applications, 2021, 57(18): 130-134.
[15]	LIU Li. Top-N Recommendation Algorithm Based on User Diversity Preference [J]. Computer Engineering and Applications, 2021, 57(17): 116-121.

Similarity Analysis of Malicious Programs Based on Two Dimensional Characteristics of Programs

基于程序双维度特征的恶意程序相似性分析

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics