Peer reviewed
Huang, Yuyao; Shu, Hui; Kang, Fei
Computers & security, June 2022, Volume: 117. Journal Article
In recent years, malware has grown faster than ever in volume, form and harmfulness. While existing static or dynamic analysis techniques can meet the common user needs for malware detection, analysts desire a more detailed overview to uncover the program architecture. Malware often forces research into difficulties due to its complex anti-analysis techniques, which call for a quick analysis of program structure and components to clarify malware functional semantics. In this paper, we use community discovery methods to automate the malware program components analysis from the intuition of modular programming principles. Specifically, we design and implement DeMal, a solution to the malware module decomposition problem. It achieves remodularization by recovering program call relationships, extracting structure-related attributes, and applying an ensemble model of multiple community discovery algorithms. DeMal takes a malicious executable as input and predicts its code composition structure. In an evaluation with 155 malware samples, DeMal performs well, achieving an average F1-score of 71.3%, and 14.5% of the samples reach an average precision of 90%. The analysis time on each sample is about 19.79s. On extended experiments with 1,621 benign programs and over 10,000 stripped malware samples, we also verify DeMal's scalability on common programs as well as the large-scale performance, respectively. The visualization of the results also strongly demonstrates DeMal's module decomposition capabilities.