Biblio
Filters: Author is Kang, Fei [Clear All Filters]
.
2020. Automatically Generating Malware Summary Using Semantic Behavior Graphs (SBGs). 2020 Information Communication Technologies Conference (ICTC). :282–291.
In malware behavior analysis, there are limitations in the analysis method of control flow and data flow. Researchers analyzed data flow by dynamic taint analysis tools, however, it cost a lot. In this paper, we proposed a method of generating malware summary based on semantic behavior graphs (SBGs, Semantic Behavior Graphs) to address this issue. In this paper, we considered various situation where behaviors be capable of being associated, thus an algorithm of generating semantic behavior graphs was given firstly. Semantic behavior graphs are composed of behavior nodes and associated data edges. Then, we extracted behaviors and logical relationships between behaviors from semantic behavior graphs, and finally generated a summary of malware behaviors with true intension. Experimental results showed that our approach can effectively identify and describe malicious behaviors and generate accurate behavior summary.
.
2020. A Malware Similarity Analysis Method Based on Network Control Structure Graph. 2020 IEEE 11th International Conference on Software Engineering and Service Science (ICSESS). :295–300.
Recently, graph-based malware similarity analysis has been widely used in the field of malware detection. However, the wide application of code obfuscation, polymorphism, and deformation changes the structure of malicious code, which brings great challenges to the malware similarity analysis. To solve these problems, in this paper, we present a new approach to malware similarity analysis based on the network control structure graph (NCSG). This method analyzed the behavior of malware by application program interface (API) association and constructed NCSG. The graph could reflect the command-and-control(C&C) logic of malware. Therefore, it can resist the interference of code obfuscation technology. The structural features extracted from NCSG will be used as the basis of similarity analysis for training the detection model. Finally, we tested the dataset constructed from five known malware family samples, and the experimental results showed that the accuracy of this method for malware variation analysis reached 92.75%. In conclusion, the malware similarity analysis based on NCSG has a strong application value for identifying the same family of malware.