Computer Engineering and Applications ›› 2021, Vol. 57 ›› Issue (1): 118-125.DOI: 10.3778/j.issn.1002-8331.2004-0259

Previous Articles     Next Articles

Similarity Analysis of Malicious Programs Based on Two Dimensional Characteristics of Programs

REN Yichen, XIAO Da   

  1. 1.School of Cyberspace Security, Beijing University of Post and Telecommunications, Beijing 100876, China
    2.National Engineering Lab for Mobile Network Security, Beijing 100876, China
  • Online:2021-01-01 Published:2020-12-31



  1. 1.北京邮电大学 网络空间安全学院,北京 100876
    2.移动互联网安全技术国家工程实验室,北京 100876


Most of malwares in cyberspace are not developed by the attacker, but based on the previous version to modify or directly combined from multiple malicious code. Therefore, similarity analysis is particularly important to detect malwares. Usually, only one single kind of malware characteristics is used to analyze the similarity of procedures, which can not fully identify the effective characteristics of procedures. So this paper proposes a program similarity analysis method which considers the semantic features of the basic block set of dynamic instructions and the structural features of the control flow graph. It analyzes the similarity of malicious programs from the semantic and structural dimensions, which can reach high accuracy and reliability.

Key words: malware, similarity, semantic features, structure features



关键词: 恶意程序, 相似性, 语义特征, 结构特征