http://dx.doi.org/10.13089/JKIISC.2020.30.6.1013

Authorship Attribution Framework Using Survival Network Concept: Semantic Features and Tolerances

Hwang, Cheol-Hun (Gachon University)
Shin, Gun-Yoon (Gachon University)
Kim, Dong-Wook (Gachon University)
Han, Myung-Mook (Gachon University)
Abstract
Malware authorship attribution is a research field that identifies malware by comparing the author characteristics of unknown malware with those of known malware authors. Binary-based authorship attribution has the advantage that targeted malicious code is easy to collect and analyze, but the range of usable features is limited compared with source-code-based methods. As a result, accuracy decreases when the number of authors is large. To address these limitations in binary author identification, this study proposes two techniques: defining semantic features from binaries, and defining allowable ranges (tolerances) for redundant features using the concept of a survival network. The proposed method defines opcode-based graph features from binary information and uses the survival network concept to define the allowable range for selecting features unique to each author. This allows feature definition and per-author feature selection to be defined as a single technique. Experiments confirmed a 5.0% improvement in accuracy over the previous study, reaching the same level of accuracy as source-code-based analysis.
Keywords
Authorship Attribution; Survival Network; Call Graph; Cosine Similarity; Support Vector Machine;