Structural classification and similarity measurement of malware

Hongbo Shi, Tomoki Hamagami, Katsunari Yoshioka, Haoyuan Xu, Kazuhiro Tobe, Shigeki Goto

    Research output: Contribution to journal (Article)

    2 Citations (Scopus)

    Abstract

    This paper proposes a new lightweight method that utilizes the growing hierarchical self-organizing map (GHSOM) for malware detection and structural classification. It also shows a new method for measuring the structural similarity between classes. A dynamic link library (DLL) file is an executable file used in the Windows operating system that allows applications to share codes and other resources to perform particular tasks. In this paper, we classify different malware by the data mining of the DLL files used by the malware. Since the malware families are evolving quickly, they present many new problems, such as how to link them to other existing malware families. The experiment shows that our GHSOM-based structural classification can solve these issues and generate a malware classification tree according to the similarity of malware families.

    Original language: English
    Pages (from-to): 621-632
    Number of pages: 12
    Journal: IEEJ Transactions on Electrical and Electronic Engineering
    Volume: 9
    Issue number: 6
    DOIs: 10.1002/tee.22018
    Publication status: Published - 2014 Nov 1

    Fingerprint

    Self organizing maps
    Windows operating system
    Malware
    Data mining
    Experiments

    Keywords

    • Classification
    • Dynamic link library
    • GHSOM
    • Malware
    • Relationship
    • Tree structure

    ASJC Scopus subject areas

    • Electrical and Electronic Engineering

    Cite this

    Structural classification and similarity measurement of malware. / Shi, Hongbo; Hamagami, Tomoki; Yoshioka, Katsunari; Xu, Haoyuan; Tobe, Kazuhiro; Goto, Shigeki.

    In: IEEJ Transactions on Electrical and Electronic Engineering, Vol. 9, No. 6, 01.11.2014, p. 621-632.

    @article{0b1399f040f74c0cbe429b5460e31752,
    title = "Structural classification and similarity measurement of malware",
    abstract = "This paper proposes a new lightweight method that utilizes the growing hierarchical self-organizing map (GHSOM) for malware detection and structural classification. It also shows a new method for measuring the structural similarity between classes. A dynamic link library (DLL) file is an executable file used in the Windows operating system that allows applications to share codes and other resources to perform particular tasks. In this paper, we classify different malware by the data mining of the DLL files used by the malware. Since the malware families are evolving quickly, they present many new problems, such as how to link them to other existing malware families. The experiment shows that our GHSOM-based structural classification can solve these issues and generate a malware classification tree according to the similarity of malware families.",
    keywords = "Classification, Dynamic link library, GHSOM, Malware, Relationship, Tree structure",
    author = "Hongbo Shi and Tomoki Hamagami and Katsunari Yoshioka and Haoyuan Xu and Kazuhiro Tobe and Shigeki Goto",
    year = "2014",
    month = "11",
    day = "1",
    doi = "10.1002/tee.22018",
    language = "English",
    volume = "9",
    pages = "621--632",
    journal = "IEEJ Transactions on Electrical and Electronic Engineering",
    issn = "1931-4973",
    publisher = "John Wiley and Sons Inc.",
    number = "6",

    }
