Homology analysis method of worms based on attack and propagation features

Liyan Wang; Jingfeng Xue; Yan Cui; Yong Wang; Chun Shan

doi:10.1007/978-981-10-7080-8_1

Homology analysis method of worms based on attack and propagation features

Liyan Wang, Jingfeng Xue, Yan Cui, Yong Wang, Chun Shan^*

^*Corresponding author for this work

School of Computer Science and Technology

Beijing Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

Internet worms pose a serious threat to the Internet security. In order to avoid the security detection and adapt to diverse target environment, the attackers often modify the existing worm code, then get the variants of original worm. Therefore, it is of practical significance to determine the cognate relationship between worms quickly and accurately. By extracting the semantic structure, attack behavior and propagation behavior of the worm, the worm feature set is generated, and the worm sensitive behavior library is built with the idea of association analysis. On this basis, combined with random forest and sensitive behavior matching algorithm, the homology relationship between worms was determined. The experimental results show that the method proposed can fully guarantee the time performance of the algorithm, what’s more further improve the accuracy of the results of the homology analysis of worms.

Original language	English
Title of host publication	Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings
Editors	Fei Yan, Ming Xu, Shaojing Fu, Zheng Qin
Publisher	Springer Verlag
Pages	1-15
Number of pages	15
ISBN (Print)	9789811070792
DOIs	https://doi.org/10.1007/978-981-10-7080-8_1
Publication status	Published - 2017
Event	11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017 - Changsha, China Duration: 14 Sept 2017 → 17 Sept 2017

Publication series

Name	Communications in Computer and Information Science
Volume	704
ISSN (Print)	1865-0929

Conference

Conference	11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017
Country/Territory	China
City	Changsha
Period	14/09/17 → 17/09/17

Keywords

Feature engineering
Frequent pattern mining
Homology analysis
Sensitive behavior match
Worm

Access to Document

10.1007/978-981-10-7080-8_1

Cite this

Wang, L., Xue, J., Cui, Y., Wang, Y., & Shan, C. (2017). Homology analysis method of worms based on attack and propagation features. In F. Yan, M. Xu, S. Fu, & Z. Qin (Eds.), Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings (pp. 1-15). (Communications in Computer and Information Science; Vol. 704). Springer Verlag. https://doi.org/10.1007/978-981-10-7080-8_1

@inproceedings{e27629802df04d13bc1759c92673bc5c,

title = "Homology analysis method of worms based on attack and propagation features",

abstract = "Internet worms pose a serious threat to the Internet security. In order to avoid the security detection and adapt to diverse target environment, the attackers often modify the existing worm code, then get the variants of original worm. Therefore, it is of practical significance to determine the cognate relationship between worms quickly and accurately. By extracting the semantic structure, attack behavior and propagation behavior of the worm, the worm feature set is generated, and the worm sensitive behavior library is built with the idea of association analysis. On this basis, combined with random forest and sensitive behavior matching algorithm, the homology relationship between worms was determined. The experimental results show that the method proposed can fully guarantee the time performance of the algorithm, what{\textquoteright}s more further improve the accuracy of the results of the homology analysis of worms.",

keywords = "Feature engineering, Frequent pattern mining, Homology analysis, Sensitive behavior match, Worm",

author = "Liyan Wang and Jingfeng Xue and Yan Cui and Yong Wang and Chun Shan",

note = "Publisher Copyright: {\textcopyright} Springer Nature Singapore Pte Ltd. 2017.; 11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017 ; Conference date: 14-09-2017 Through 17-09-2017",

year = "2017",

doi = "10.1007/978-981-10-7080-8_1",

language = "English",

isbn = "9789811070792",

series = "Communications in Computer and Information Science",

publisher = "Springer Verlag",

pages = "1--15",

editor = "Fei Yan and Ming Xu and Shaojing Fu and Zheng Qin",

booktitle = "Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings",

address = "Germany",

}

Wang, L, Xue, J, Cui, Y, Wang, Y & Shan, C 2017, Homology analysis method of worms based on attack and propagation features. in F Yan, M Xu, S Fu & Z Qin (eds), Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings. Communications in Computer and Information Science, vol. 704, Springer Verlag, pp. 1-15, 11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017, Changsha, China, 14/09/17. https://doi.org/10.1007/978-981-10-7080-8_1

Homology analysis method of worms based on attack and propagation features. / Wang, Liyan; Xue, Jingfeng; Cui, Yan et al.
Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings. ed. / Fei Yan; Ming Xu; Shaojing Fu; Zheng Qin. Springer Verlag, 2017. p. 1-15 (Communications in Computer and Information Science; Vol. 704).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Homology analysis method of worms based on attack and propagation features

AU - Wang, Liyan

AU - Xue, Jingfeng

AU - Cui, Yan

AU - Wang, Yong

AU - Shan, Chun

N1 - Publisher Copyright: © Springer Nature Singapore Pte Ltd. 2017.

PY - 2017

Y1 - 2017

N2 - Internet worms pose a serious threat to the Internet security. In order to avoid the security detection and adapt to diverse target environment, the attackers often modify the existing worm code, then get the variants of original worm. Therefore, it is of practical significance to determine the cognate relationship between worms quickly and accurately. By extracting the semantic structure, attack behavior and propagation behavior of the worm, the worm feature set is generated, and the worm sensitive behavior library is built with the idea of association analysis. On this basis, combined with random forest and sensitive behavior matching algorithm, the homology relationship between worms was determined. The experimental results show that the method proposed can fully guarantee the time performance of the algorithm, what’s more further improve the accuracy of the results of the homology analysis of worms.

AB - Internet worms pose a serious threat to the Internet security. In order to avoid the security detection and adapt to diverse target environment, the attackers often modify the existing worm code, then get the variants of original worm. Therefore, it is of practical significance to determine the cognate relationship between worms quickly and accurately. By extracting the semantic structure, attack behavior and propagation behavior of the worm, the worm feature set is generated, and the worm sensitive behavior library is built with the idea of association analysis. On this basis, combined with random forest and sensitive behavior matching algorithm, the homology relationship between worms was determined. The experimental results show that the method proposed can fully guarantee the time performance of the algorithm, what’s more further improve the accuracy of the results of the homology analysis of worms.

KW - Feature engineering

KW - Frequent pattern mining

KW - Homology analysis

KW - Sensitive behavior match

KW - Worm

UR - http://www.scopus.com/inward/record.url?scp=85036476954&partnerID=8YFLogxK

U2 - 10.1007/978-981-10-7080-8_1

DO - 10.1007/978-981-10-7080-8_1

M3 - Conference contribution

AN - SCOPUS:85036476954

SN - 9789811070792

T3 - Communications in Computer and Information Science

SP - 1

EP - 15

BT - Trusted Computing and Information Security - 11th Chinese Conference, CTCIS 2017, Proceedings

A2 - Yan, Fei

A2 - Xu, Ming

A2 - Fu, Shaojing

A2 - Qin, Zheng

PB - Springer Verlag

T2 - 11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017

Y2 - 14 September 2017 through 17 September 2017

ER -

Homology analysis method of worms based on attack and propagation features

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this