Homology analysis method of worms based on attack and propagation features

Liyan Wang; Jingfeng Xue; Yan Cui; Yong Wang; Chun Shan

doi:10.1007/978-981-10-7080-8_1

Homology analysis method of worms based on attack and propagation features

Liyan Wang, Jingfeng Xue, Yan Cui, Yong Wang, Chun Shan^*

^*此作品的通讯作者

计算机学院

Beijing Institute of Technology

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

1 引用（Scopus）

摘要

Internet worms pose a serious threat to the Internet security. In order to avoid the security detection and adapt to diverse target environment, the attackers often modify the existing worm code, then get the variants of original worm. Therefore, it is of practical significance to determine the cognate relationship between worms quickly and accurately. By extracting the semantic structure, attack behavior and propagation behavior of the worm, the worm feature set is generated, and the worm sensitive behavior library is built with the idea of association analysis. On this basis, combined with random forest and sensitive behavior matching algorithm, the homology relationship between worms was determined. The experimental results show that the method proposed can fully guarantee the time performance of the algorithm, what’s more further improve the accuracy of the results of the homology analysis of worms.

源语言	英语
主期刊名	Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings
编辑	Fei Yan, Ming Xu, Shaojing Fu, Zheng Qin
出版商	Springer Verlag
页	1-15
页数	15
ISBN（印刷版）	9789811070792
DOI	https://doi.org/10.1007/978-981-10-7080-8_1
出版状态	已出版 - 2017
活动	11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017 - Changsha, 中国期限: 14 9月 2017 → 17 9月 2017

出版系列

姓名	Communications in Computer and Information Science
卷	704
ISSN（印刷版）	1865-0929

会议

会议	11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017
国家/地区	中国
市	Changsha
时期	14/09/17 → 17/09/17

访问文件

10.1007/978-981-10-7080-8_1

其它文件与链接

链接到 Scopus 的出版物

引用此

Wang, L., Xue, J., Cui, Y., Wang, Y., & Shan, C. (2017). Homology analysis method of worms based on attack and propagation features. 在 F. Yan, M. Xu, S. Fu, & Z. Qin (编辑), Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings (页码 1-15). (Communications in Computer and Information Science; 卷 704). Springer Verlag. https://doi.org/10.1007/978-981-10-7080-8_1

@inproceedings{e27629802df04d13bc1759c92673bc5c,

title = "Homology analysis method of worms based on attack and propagation features",

abstract = "Internet worms pose a serious threat to the Internet security. In order to avoid the security detection and adapt to diverse target environment, the attackers often modify the existing worm code, then get the variants of original worm. Therefore, it is of practical significance to determine the cognate relationship between worms quickly and accurately. By extracting the semantic structure, attack behavior and propagation behavior of the worm, the worm feature set is generated, and the worm sensitive behavior library is built with the idea of association analysis. On this basis, combined with random forest and sensitive behavior matching algorithm, the homology relationship between worms was determined. The experimental results show that the method proposed can fully guarantee the time performance of the algorithm, what{\textquoteright}s more further improve the accuracy of the results of the homology analysis of worms.",

keywords = "Feature engineering, Frequent pattern mining, Homology analysis, Sensitive behavior match, Worm",

author = "Liyan Wang and Jingfeng Xue and Yan Cui and Yong Wang and Chun Shan",

note = "Publisher Copyright: {\textcopyright} Springer Nature Singapore Pte Ltd. 2017.; 11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017 ; Conference date: 14-09-2017 Through 17-09-2017",

year = "2017",

doi = "10.1007/978-981-10-7080-8_1",

language = "English",

isbn = "9789811070792",

series = "Communications in Computer and Information Science",

publisher = "Springer Verlag",

pages = "1--15",

editor = "Fei Yan and Ming Xu and Shaojing Fu and Zheng Qin",

booktitle = "Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings",

address = "Germany",

}

Wang, L, Xue, J, Cui, Y, Wang, Y & Shan, C 2017, Homology analysis method of worms based on attack and propagation features. 在 F Yan, M Xu, S Fu & Z Qin (编辑), Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings. Communications in Computer and Information Science, 卷 704, Springer Verlag, 页码 1-15, 11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017, Changsha, 中国, 14/09/17. https://doi.org/10.1007/978-981-10-7080-8_1

Homology analysis method of worms based on attack and propagation features. / Wang, Liyan; Xue, Jingfeng; Cui, Yan 等.
Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings. 编辑 / Fei Yan; Ming Xu; Shaojing Fu; Zheng Qin. Springer Verlag, 2017. 页码 1-15 (Communications in Computer and Information Science; 卷 704).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - Homology analysis method of worms based on attack and propagation features

AU - Wang, Liyan

AU - Xue, Jingfeng

AU - Cui, Yan

AU - Wang, Yong

AU - Shan, Chun

N1 - Publisher Copyright: © Springer Nature Singapore Pte Ltd. 2017.

PY - 2017

Y1 - 2017

N2 - Internet worms pose a serious threat to the Internet security. In order to avoid the security detection and adapt to diverse target environment, the attackers often modify the existing worm code, then get the variants of original worm. Therefore, it is of practical significance to determine the cognate relationship between worms quickly and accurately. By extracting the semantic structure, attack behavior and propagation behavior of the worm, the worm feature set is generated, and the worm sensitive behavior library is built with the idea of association analysis. On this basis, combined with random forest and sensitive behavior matching algorithm, the homology relationship between worms was determined. The experimental results show that the method proposed can fully guarantee the time performance of the algorithm, what’s more further improve the accuracy of the results of the homology analysis of worms.

AB - Internet worms pose a serious threat to the Internet security. In order to avoid the security detection and adapt to diverse target environment, the attackers often modify the existing worm code, then get the variants of original worm. Therefore, it is of practical significance to determine the cognate relationship between worms quickly and accurately. By extracting the semantic structure, attack behavior and propagation behavior of the worm, the worm feature set is generated, and the worm sensitive behavior library is built with the idea of association analysis. On this basis, combined with random forest and sensitive behavior matching algorithm, the homology relationship between worms was determined. The experimental results show that the method proposed can fully guarantee the time performance of the algorithm, what’s more further improve the accuracy of the results of the homology analysis of worms.

KW - Feature engineering

KW - Frequent pattern mining

KW - Homology analysis

KW - Sensitive behavior match

KW - Worm

UR - http://www.scopus.com/inward/record.url?scp=85036476954&partnerID=8YFLogxK

U2 - 10.1007/978-981-10-7080-8_1

DO - 10.1007/978-981-10-7080-8_1

M3 - Conference contribution

AN - SCOPUS:85036476954

SN - 9789811070792

T3 - Communications in Computer and Information Science

SP - 1

EP - 15

BT - Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings

A2 - Yan, Fei

A2 - Xu, Ming

A2 - Fu, Shaojing

A2 - Qin, Zheng

PB - Springer Verlag

T2 - 11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017

Y2 - 14 September 2017 through 17 September 2017

ER -

Homology analysis method of worms based on attack and propagation features

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此