Abstract
Over the past ten years, our team has developed a method for malware detection called morphological analysis. Morphological analysis focuses on algorithms: it aims to identify programs through their functions, and more precisely through the intention of those functions. The intention is described as a vector in a high-dimensional vector space, in the spirit of compositional semantics. We show how the intention of functions can be used to cluster them. Finally, we describe experiments showing the relevance of the clustering and some possible applications to malware identification.
Acknowledgment
The authors would like to thank Jean-Yves Marion and Mizuhito Ogawa for early discussions and Fabrice Sabatier and Alexis Lartigue for discussions and some experiments.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Bonfante, G., Nogues, J.O. (2017). Function Classification for the Retro-Engineering of Malwares. In: Cuppens, F., Wang, L., Cuppens-Boulahia, N., Tawbi, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2016. Lecture Notes in Computer Science(), vol 10128. Springer, Cham. https://doi.org/10.1007/978-3-319-51966-1_16
DOI: https://doi.org/10.1007/978-3-319-51966-1_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-51965-4
Online ISBN: 978-3-319-51966-1