ISCAS OpenIR  > 信息安全国家重点实验室
depsim: a dependency-based malware similarity comparison system
Yi Yang; Lingyun Ying; Rui Wang; Purui Su; Dengguo Feng
2011
会议名称6th China International Conference on Information Security and Cryptology, Inscrypt 2010
会议录名称Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
页码503-522
会议日期20-Oct
会议地点Shanghai, China
收录类别EI
出版地Germany
ISSN3029743
ISBN9783642215179
部门归属(1) State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049, China; (3) National Engineering Research Center for Information Security, Beijing 100190, China
摘要It is important for malware analysis that comparing unknown files to previously-known malicious samples to quickly characterize the type of behavior and generate signatures. Malware writers often use obfuscation, such as packing, junk-insertion and other means of techniques to thwart traditional similarity comparison methods. In this paper, we introduce DepSim, a novel technique for finding dependency similarities between malicious binary programs. DepSim constructs dependency graphs of control flow and data flow of the program by taint analysis, and then conducts similarity analysis using a new graph isomorphism technique. In order to promote the accuracy and anti-interference capability, we reduce redundant loops and remove junk actions at the dependency graph pre-processing phase, which can also greatly improve the performance of our comparison algorithm. We implemented a prototype of DepSim and evaluated it to malware in the wild. Our prototype system successfully identified some semantic similarities between malware and revealed their inner similarity in program logic and behavior. The results demonstrate that our technique is accurate. © 2011 Springer-Verlag.
关键词Behavioral Research Computer Crime Cryptography Dynamic Analysis Network Security Program Processors Semantics
主办者State Key Laboratory of Information Security; Chinese Academy of Sciences; Chinese Association for Cryptologic Research
内容类型会议论文
URI标识http://ir.iscas.ac.cn/handle/311060/14329
专题信息安全国家重点实验室
推荐引用方式
GB/T 7714
Yi Yang,Lingyun Ying,Rui Wang,et al. depsim: a dependency-based malware similarity comparison system[C]. Germany,2011:503-522.
条目包含的文件
文件名称/大小 文献类型 版本类型 开放类型 使用许可
depsim a dependency (912KB) 开放获取--请求全文
个性服务
推荐该条目
保存到收藏夹
查看访问统计
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Yi Yang]的文章
[Lingyun Ying]的文章
[Rui Wang]的文章
百度学术
百度学术中相似的文章
[Yi Yang]的文章
[Lingyun Ying]的文章
[Rui Wang]的文章
必应学术
必应学术中相似的文章
[Yi Yang]的文章
[Lingyun Ying]的文章
[Rui Wang]的文章
相关权益政策
暂无数据
收藏/分享
所有评论 (0)
暂无评论
 

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。