TY - GEN
T1 - Homology analysis method of worms based on attack and propagation features
AU - Wang, Liyan
AU - Xue, Jingfeng
AU - Cui, Yan
AU - Wang, Yong
AU - Shan, Chun
N1 - Publisher Copyright: © Springer Nature Singapore Pte Ltd. 2017.
PY - 2017
Y1 - 2017
N2 - Internet worms pose a serious threat to Internet security. To evade security detection and adapt to diverse target environments, attackers often modify existing worm code to produce variants of the original worm. Therefore, it is of practical significance to determine the cognate relationship between worms quickly and accurately. By extracting the semantic structure, attack behavior and propagation behavior of the worm, the worm feature set is generated, and the worm sensitive behavior library is built with the idea of association analysis. On this basis, by combining random forest with a sensitive behavior matching algorithm, the homology relationship between worms is determined. The experimental results show that the proposed method can fully guarantee the time performance of the algorithm and, moreover, further improve the accuracy of the results of the homology analysis of worms.
KW - Feature engineering
KW - Frequent pattern mining
KW - Homology analysis
KW - Sensitive behavior match
KW - Worm
UR - http://www.scopus.com/inward/record.url?scp=85036476954&partnerID=8YFLogxK
U2 - 10.1007/978-981-10-7080-8_1
DO - 10.1007/978-981-10-7080-8_1
M3 - Conference contribution
AN - SCOPUS:85036476954
SN - 9789811070792
T3 - Communications in Computer and Information Science
SP - 1
EP - 15
BT - Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings
A2 - Yan, Fei
A2 - Xu, Ming
A2 - Fu, Shaojing
A2 - Qin, Zheng
PB - Springer Verlag
T2 - 11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017
Y2 - 14 September 2017 through 17 September 2017
ER -