Malware phylogeny refers to inferring the evolutionary relationships among instances of a family. It plays an important role in malware forensics. Previous works mainly focused on tree-based models. However, trees cannot represent reticulate events, such as inheriting code fragments from different parents, which are common in variant generation. Therefore, phylogenetic networks have been put forward as a more accurate and general model. In this paper, we propose a novel malware phylogenetic network construction method based on the splits graph, taking advantage of the one-to-one correspondence between reticulate events and netted components in a splits graph. We evaluate our algorithm on three malware families and two benign families whose ground truth is known and compare it with competing algorithms. Experiments demonstrate that our method achieves a higher mean accuracy of 64.8%.
Jing LIU
National University of Defense Technology
Yuan WANG
National University of Defense Technology
Pei Dai XIE
National University of Defense Technology
Yong Jun WANG
National University of Defense Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Jing LIU, Yuan WANG, Pei Dai XIE, Yong Jun WANG, "Inferring Phylogenetic Network of Malware Families Based on Splits Graph" in IEICE TRANSACTIONS on Information,
vol. E100-D, no. 6, pp. 1368-1371, June 2017, doi: 10.1587/transinf.2016EDL8230.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2016EDL8230/_p
@ARTICLE{e100-d_6_1368,
author={Jing LIU and Yuan WANG and Pei Dai XIE and Yong Jun WANG},
journal={IEICE TRANSACTIONS on Information},
title={Inferring Phylogenetic Network of Malware Families Based on Splits Graph},
year={2017},
volume={E100-D},
number={6},
pages={1368-1371},
abstract={Malware phylogeny refers to inferring the evolutionary relationships among instances of a family. It plays an important role in malware forensics. Previous works mainly focused on tree-based model. However, trees cannot represent reticulate events, such as inheriting code fragments from different parents, which are common in variants generation. Therefore, phylogenetic networks as a more accurate and general model have been put forward. In this paper, we propose a novel malware phylogenetic network construction method based on splits graph, taking advantage of the one-to-one correspondence between reticulate events and netted components in splits graph. We evaluate our algorithm on three malware families and two benign families whose ground truth are known and compare with competing algorithms. Experiments demonstrate that our method achieves a higher mean accuracy of 64.8%.},
keywords={},
doi={10.1587/transinf.2016EDL8230},
ISSN={1745-1361},
month={June},}
TY - JOUR
TI - Inferring Phylogenetic Network of Malware Families Based on Splits Graph
T2 - IEICE TRANSACTIONS on Information
SP - 1368
EP - 1371
AU - Jing LIU
AU - Yuan WANG
AU - Pei Dai XIE
AU - Yong Jun WANG
PY - 2017
DO - 10.1587/transinf.2016EDL8230
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E100-D
IS - 6
JA - IEICE TRANSACTIONS on Information
Y1 - June 2017
AB - Malware phylogeny refers to inferring the evolutionary relationships among instances of a family. It plays an important role in malware forensics. Previous works mainly focused on tree-based model. However, trees cannot represent reticulate events, such as inheriting code fragments from different parents, which are common in variants generation. Therefore, phylogenetic networks as a more accurate and general model have been put forward. In this paper, we propose a novel malware phylogenetic network construction method based on splits graph, taking advantage of the one-to-one correspondence between reticulate events and netted components in splits graph. We evaluate our algorithm on three malware families and two benign families whose ground truth are known and compare with competing algorithms. Experiments demonstrate that our method achieves a higher mean accuracy of 64.8%.
ER -