
Authors: Hyoyoung Lim ; Yukiko Yamaguchi ; Hajime Shimada and Hiroki Takakura

Affiliation: Nagoya University, Japan

Keyword(s): Malware Classification, Sequence alignment, Clustering, Traffic Flow.

Abstract: Network-based malware classification plays a more important role in improving system security than system-based malware classification. The vast majority of malware needs network activity in order to accomplish its purpose (e.g., downloading malware, connecting to a C&C server, etc.). Many malware classification approaches based on network behavior have thus been proposed. Nevertheless, they rely merely on either a request URL or payload for signature matching. To classify the network activity of malware, the patterns of network behavior must be understood and the changes in behavior observed. Therefore, the sequence of flows and their correlation caused by the malware should be analysed. In this paper, we present a novel malware classification method based on clustering of flow features and sequence alignment algorithms for computing sequence similarity, which represents the network behavior of malware. We focus on analysing the similarity between the sequence patterns of malware traffic flow generated by executing malware on a dynamic analysis system. We also performed an evaluation using malware traffic collected from a real environment. On the basis of our experimental results, we identified the most appropriate method for classifying malware by similarity of network activity.

CC BY-NC-ND 4.0


Paper citation in several formats:
Lim, H.; Yamaguchi, Y.; Shimada, H. and Takakura, H. (2015). Malware Classification Method Based on Sequence of Traffic Flow. In Proceedings of the 1st International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-081-9; ISSN 2184-4356, SciTePress, pages 230-237. DOI: 10.5220/0005235002300237

@conference{icissp15,
author={Hyoyoung Lim and Yukiko Yamaguchi and Hajime Shimada and Hiroki Takakura},
title={Malware Classification Method Based on Sequence of Traffic Flow},
booktitle={Proceedings of the 1st International Conference on Information Systems Security and Privacy - ICISSP},
year={2015},
pages={230-237},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005235002300237},
isbn={978-989-758-081-9},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 1st International Conference on Information Systems Security and Privacy - ICISSP
TI - Malware Classification Method Based on Sequence of Traffic Flow
SN - 978-989-758-081-9
IS - 2184-4356
AU - Lim, H.
AU - Yamaguchi, Y.
AU - Shimada, H.
AU - Takakura, H.
PY - 2015
SP - 230
EP - 237
DO - 10.5220/0005235002300237
PB - SciTePress