http://dx.doi.org/10.5392/JKCA.2014.14.10.032

Development of a Performance Evaluation Model on Similarity Measurement Method of Malware  

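Chu, Sung-Taek (Department of Convergence Science, Kongju National University)
Kim, HeeSeok (Science and Technology Cyber Security Center, Korea Institute of Science and Technology Information)
Im, Kwang-Hyuk (Department of Electronic Commerce, Pai Chai University)
Kim, Kyu-Il (Science and Technology Cyber Security Center, Korea Institute of Science and Technology Information)
Seo, Chang-Ho (Department of Convergence Science, Kongju National University)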
Abstract
Malware classification is in great demand because it reduces the time required for malware analysis and helps find new types of malware, and various similarity measurement methods have been proposed to classify large numbers of malware samples. However, the existing similarity measurement methods merely present their own classification results and have not been compared with other methods in terms of performance. This is because no evaluation model exists for comparing the performance of similarity measurement methods. In this paper, we propose a new performance evaluation model for malware similarity measurement methods that uses two indicators: success rate and degree of confidence. In addition, we compare and evaluate the performance of existing similarity measurement methods using these two indicators.
Keywords
Malware Classification; Similarity Measurement Method; Static Analysis; Dynamic Analysis; Honeypot
Citations & Related Records
Times Cited By KSCI: 2