Published in: International Journal of Information Security 1/2015

01-02-2015 | Regular Contribution

Malware analysis using visualized images and entropy graphs

Authors: Kyoung Soo Han, Jae Hyun Lim, Boojoong Kang, Eul Gyu Im


Abstract

Today, along with the growth of the Internet, the number of malicious software samples, or malware, distributed especially for monetary profit is increasing exponentially, and malware authors develop malware variants using various automated tools and methods. Such tools and methods tend to reuse modules when generating variants, so these reused modules can be used to classify malware or to identify malware families. Therefore, the similarities that exist among malware variants can be analyzed and used for malware variant detection and family classification. This paper proposes a new malware family classification method that converts binary files into images and entropy graphs. The experimental results show that the proposed method can effectively distinguish malware families.
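As an added illustration (not the paper's own implementation, whose parameters and classifier the abstract does not give), the following Python builds the two byte-level representations named above, a grayscale image and an entropy graph, from a file's raw bytes and then assigns a sample to the family whose entropy profile it most resembles. The window size, image width, histogram bin count, the histogram-intersection similarity and the nearest-prototype classification are all assumptions made for this example, and the input "binaries" are constructed synthetic byte strings, not real malware:

```python
"""Byte-level malware features: grayscale image, entropy graph, histogram similarity.

Added example, not the paper's implementation. Window size, image width, bin count,
histogram intersection and nearest-prototype matching are assumptions.
"""
import math
import random
from collections import Counter


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte block in bits per byte: 0.0 (constant) .. 8.0 (uniform)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())


def entropy_graph(data: bytes, window: int = 512) -> list:
    """Entropy of each consecutive non-overlapping window, in file order.
    Plotted against file offset this is the 'entropy graph': packed or encrypted
    regions appear as plateaus near 8, zero padding as troughs near 0."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def to_grayscale_image(data: bytes, width: int = 64) -> list:
    """Row-major grayscale image with one pixel (0..255) per byte; the last row
    is zero-padded so that every row has exactly `width` pixels."""
    rows = []
    for i in range(0, len(data), width):
        row = list(data[i:i + width])
        rows.append(row + [0] * (width - len(row)))
    return rows


def entropy_histogram(graph: list, bins: int = 8) -> list:
    """Normalized histogram of entropy values over [0, 8]. Comparing histograms
    instead of raw graphs makes the feature independent of file length (assumption)."""
    counts = [0] * bins
    for e in graph:
        counts[min(int(e / 8.0 * bins), bins - 1)] += 1
    total = len(graph) or 1
    return [c / total for c in counts]


def histogram_similarity(h1: list, h2: list) -> float:
    """Histogram intersection in [0, 1]; 1.0 means identical distributions."""
    return sum(min(a, b) for a, b in zip(h1, h2))


def classify(sample: bytes, prototypes: dict, window: int = 512):
    """Assign `sample` to the family whose prototype entropy histogram is most
    similar; returns (family, score). Nearest-prototype matching is an assumption."""
    h = entropy_histogram(entropy_graph(sample, window))
    scored = {fam: histogram_similarity(h, entropy_histogram(entropy_graph(p, window)))
              for fam, p in prototypes.items()}
    best = max(scored, key=scored.get)
    return best, scored[best]


def make_sample(seed: int, layout: list) -> bytes:
    """Constructed test binary (not real malware): regions of 'zero' (0x00 padding),
    'code' (32-symbol alphabet, mid entropy) or 'packed' (full byte range, high entropy)."""
    rng = random.Random(seed)
    out = bytearray()
    for kind, size in layout:
        if kind == "zero":
            out += bytes(size)
        elif kind == "code":
            out += bytes(rng.randrange(0x20, 0x40) for _ in range(size))
        else:
            out += bytes(rng.randrange(256) for _ in range(size))
    return bytes(out)


# Constructed "families": A has a padded header, a code section and a packed
# payload; B is fully packed. Variants reuse the layout with different bytes.
FAMILY_A_LAYOUT = [("zero", 1024), ("code", 4096), ("packed", 2048)]
FAMILY_B_LAYOUT = [("packed", 7168)]
PROTOTYPES = {"A": make_sample(1, FAMILY_A_LAYOUT), "B": make_sample(2, FAMILY_B_LAYOUT)}
VARIANT_A = make_sample(3, FAMILY_A_LAYOUT)   # same module layout, different bytes
VARIANT_B = make_sample(4, FAMILY_B_LAYOUT)

if __name__ == "__main__":
    img = to_grayscale_image(VARIANT_A)
    print("image:", len(img), "rows x", len(img[0]), "px")
    print("entropy graph:", [round(e, 2) for e in entropy_graph(VARIANT_A)])
    for name, s in (("variant of A", VARIANT_A), ("variant of B", VARIANT_B)):
        print(name, "->", classify(s, PROTOTYPES))
```

Because both representations are computed over raw bytes, no disassembly or execution is needed and the features survive packing that defeats instruction-level analysis. The flip side is that they capture layout rather than behaviour: re-packing a sample with a different packer, or padding it with random bytes, changes the entropy profile without changing what the code does, so in practice such features are best used for triage and family grouping alongside behavioural evidence.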


Metadata
Title
Malware analysis using visualized images and entropy graphs
Authors
Kyoung Soo Han
Jae Hyun Lim
Boojoong Kang
Eul Gyu Im
Publication date
01-02-2015
Publisher
Springer Berlin Heidelberg
Published in
International Journal of Information Security / Issue 1/2015
Print ISSN: 1615-5262
Electronic ISSN: 1615-5270
DOI
https://doi.org/10.1007/s10207-014-0242-0
