中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 信息安全国家重点实验室  > 会议论文
题名:
depsim: a dependency-based malware similarity comparison system
作者: Yi Yang ; Lingyun Ying ; Rui Wang ; Purui Su ; Dengguo Feng
会议文集: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
会议名称: 6th China International Conference on Information Security and Cryptology, Inscrypt 2010
会议日期: 20-Oct
出版日期: 2011
会议地点: Shanghai, China
关键词: Behavioral research ; Computer crime ; Cryptography ; Dynamic analysis ; Network security ; Program processors ; Semantics
出版地: Germany
收录类别: EI
ISSN: 3029743
ISBN: 9783642215179
部门归属: (1) State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049, China; (3) National Engineering Research Center for Information Security, Beijing 100190, China
主办者: State Key Laboratory of Information Security; Chinese Academy of Sciences; Chinese Association for Cryptologic Research
英文摘要: It is important for malware analysis that comparing unknown files to previously-known malicious samples to quickly characterize the type of behavior and generate signatures. Malware writers often use obfuscation, such as packing, junk-insertion and other means of techniques to thwart traditional similarity comparison methods. In this paper, we introduce DepSim, a novel technique for finding dependency similarities between malicious binary programs. DepSim constructs dependency graphs of control flow and data flow of the program by taint analysis, and then conducts similarity analysis using a new graph isomorphism technique. In order to promote the accuracy and anti-interference capability, we reduce redundant loops and remove junk actions at the dependency graph pre-processing phase, which can also greatly improve the performance of our comparison algorithm. We implemented a prototype of DepSim and evaluated it to malware in the wild. Our prototype system successfully identified some semantic similarities between malware and revealed their inner similarity in program logic and behavior. The results demonstrate that our technique is accurate. © 2011 Springer-Verlag.
内容类型: 会议论文
URI标识: http://ir.iscas.ac.cn/handle/311060/14329
Appears in Collections:信息安全国家重点实验室_会议论文

Files in This Item:
File Name/ File Size Content Type Version Access License
depsim a dependency based malware similarity comparison system.pdf(912KB)----限制开放-- 联系获取全文

Recommended Citation:
Yi Yang,Lingyun Ying,Rui Wang,et al. depsim: a dependency-based malware similarity comparison system[C]. 见:6th China International Conference on Information Security and Cryptology, Inscrypt 2010. Shanghai, China. 20-Oct.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Yi Yang]'s Articles
[Lingyun Ying]'s Articles
[Rui Wang]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Yi Yang]‘s Articles
[Lingyun Ying]‘s Articles
[Rui Wang]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace