IEICE TRANSACTIONS on Information
Having an Insight into Malware Phylogeny: Building Persistent Phylogeny Tree of Families
Summary :
Malware phylogeny refers to inferring evolutionary relationships between instances of families. It has gained a lot of attention over the past several years, due to its efficiency in accelerating reverse engineering of new variants within families. Previous researches mainly focused on tree-based models. However, those approaches merely demonstrate lineage of families using dendrograms or directed trees with rough evolution information. In this paper, we propose a novel malware phylogeny construction method taking advantage of persistent phylogeny tree model, whose nodes correspond to input instances and edges represent the gain or lost of functional characters. It can not only depict directed ancestor-descendant relationships between malware instances, but also show concrete function inheritance and variation between ancestor and descendant, which is significant in variants defense. We evaluate our algorithm on three malware families and one benign family whose ground truth are known, and compare with competing algorithms. Experiments demonstrate that our method achieves a higher mean accuracy of 61.4%.
- Publication
- IEICE TRANSACTIONS on Information Vol.E101-D No.4 pp.1199-1202
- Publication Date
- 2018/04/01
- Publicized
- 2018/01/09
- Online ISSN
- 1745-1361
- DOI
- 10.1587/transinf.2017EDL8172
- Type of Manuscript
- LETTER
- Category
- Information Network
Authors
Jing LIU
National University of Defense Technology
Pei Dai XIE
National University of Defense Technology
Meng Zhu LIU
Lanzhou University
Yong Jun WANG
National University of Defense Technology
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Jing LIU, Pei Dai XIE, Meng Zhu LIU, Yong Jun WANG, "Having an Insight into Malware Phylogeny: Building Persistent Phylogeny Tree of Families" in IEICE TRANSACTIONS on Information,
vol. E101-D, no. 4, pp. 1199-1202, April 2018, doi: 10.1587/transinf.2017EDL8172.
Abstract: Malware phylogeny refers to inferring evolutionary relationships between instances of families. It has gained a lot of attention over the past several years, due to its efficiency in accelerating reverse engineering of new variants within families. Previous researches mainly focused on tree-based models. However, those approaches merely demonstrate lineage of families using dendrograms or directed trees with rough evolution information. In this paper, we propose a novel malware phylogeny construction method taking advantage of persistent phylogeny tree model, whose nodes correspond to input instances and edges represent the gain or lost of functional characters. It can not only depict directed ancestor-descendant relationships between malware instances, but also show concrete function inheritance and variation between ancestor and descendant, which is significant in variants defense. We evaluate our algorithm on three malware families and one benign family whose ground truth are known, and compare with competing algorithms. Experiments demonstrate that our method achieves a higher mean accuracy of 61.4%.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2017EDL8172/_p
Copy
@ARTICLE{e101-d_4_1199,
author={Jing LIU, Pei Dai XIE, Meng Zhu LIU, Yong Jun WANG, },
journal={IEICE TRANSACTIONS on Information},
title={Having an Insight into Malware Phylogeny: Building Persistent Phylogeny Tree of Families},
year={2018},
volume={E101-D},
number={4},
pages={1199-1202},
abstract={Malware phylogeny refers to inferring evolutionary relationships between instances of families. It has gained a lot of attention over the past several years, due to its efficiency in accelerating reverse engineering of new variants within families. Previous researches mainly focused on tree-based models. However, those approaches merely demonstrate lineage of families using dendrograms or directed trees with rough evolution information. In this paper, we propose a novel malware phylogeny construction method taking advantage of persistent phylogeny tree model, whose nodes correspond to input instances and edges represent the gain or lost of functional characters. It can not only depict directed ancestor-descendant relationships between malware instances, but also show concrete function inheritance and variation between ancestor and descendant, which is significant in variants defense. We evaluate our algorithm on three malware families and one benign family whose ground truth are known, and compare with competing algorithms. Experiments demonstrate that our method achieves a higher mean accuracy of 61.4%.},
keywords={},
doi={10.1587/transinf.2017EDL8172},
ISSN={1745-1361},
month={April},}
Copy
TY - JOUR
TI - Having an Insight into Malware Phylogeny: Building Persistent Phylogeny Tree of Families
T2 - IEICE TRANSACTIONS on Information
SP - 1199
EP - 1202
AU - Jing LIU
AU - Pei Dai XIE
AU - Meng Zhu LIU
AU - Yong Jun WANG
PY - 2018
DO - 10.1587/transinf.2017EDL8172
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E101-D
IS - 4
JA - IEICE TRANSACTIONS on Information
Y1 - April 2018
AB - Malware phylogeny refers to inferring evolutionary relationships between instances of families. It has gained a lot of attention over the past several years, due to its efficiency in accelerating reverse engineering of new variants within families. Previous researches mainly focused on tree-based models. However, those approaches merely demonstrate lineage of families using dendrograms or directed trees with rough evolution information. In this paper, we propose a novel malware phylogeny construction method taking advantage of persistent phylogeny tree model, whose nodes correspond to input instances and edges represent the gain or lost of functional characters. It can not only depict directed ancestor-descendant relationships between malware instances, but also show concrete function inheritance and variation between ancestor and descendant, which is significant in variants defense. We evaluate our algorithm on three malware families and one benign family whose ground truth are known, and compare with competing algorithms. Experiments demonstrate that our method achieves a higher mean accuracy of 61.4%.
ER -
English
