The Scientific World Journal
Volume 2014, Article ID 132713, 15 pages
http://dx.doi.org/10.1155/2014/132713
Research Article

Malware Analysis Using Visualized Image Matrices

1Department of Computer and Software, Hanyang University, Seoul 133-791, Republic of Korea
2Department of Electronics and Computer Engineering, Hanyang University, Seoul 133-791, Republic of Korea
3Division of Computer Science and Engineering, Hanyang University, Seoul 133-791, Republic of Korea

Received 14 March 2014; Accepted 19 May 2014; Published 16 July 2014

Academic Editor: Fei Yu

Copyright © 2014 KyoungSoo Han et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. M. Christodorescu and S. Jha, “Testing malware detectors,” in Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '04), pp. 34–44, July 2004.
  2. B. Kang, T. Kim, H. Kwon, Y. Choi, and E. G. Im, “Malware classification method via binary content comparison,” in Proceedings of the ACM Research in Applied Computation Symposium (RACS '12), pp. 316–321, San Antonio, Tex, USA, October 2012.
  3. A. Moser, C. Kruegel, and E. Kirda, “Limits of static analysis for malware detection,” in Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC '07), pp. 421–430, Miami Beach, Fla, USA, 2007.
  4. M. D. Ernst, “Static and dynamic analysis: synergy and duality,” in Proceedings of the ICSE Workshop on Dynamic Analysis (WODA '03), pp. 24–27, Citeseer, 2003.
  5. S. Cesare and Y. Xiang, “A fast flowgraph based classification system for packed and polymorphic malware on the endhost,” in Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications (AINA '10), pp. 721–728, Perth, Australia, April 2010.
  6. G. Bonfante, M. Kaczmarek, and J.-Y. Marion, “Architecture of a morphological malware detector,” Journal in Computer Virology, vol. 5, pp. 263–270, 2009.
  7. I. Briones and A. Gomez, “Graphs, entropy and grid computing: automatic comparison of malware,” in Proceedings of the Virus Bulletin Conference (VB '08), pp. 1–12, Ottawa, Canada, October 2008, http://pandalabs.pandasecurity.com/blogs/images/PandaLabs/2008/10/07/IsmaelBriones-VB2008.pdf.
  8. S. Shang, N. Zheng, J. Xu, M. Xu, and H. Zhang, “Detecting malware variants via function-call graph similarity,” in Proceedings of the 5th International Conference on Malicious and Unwanted Software (MALWARE '10), pp. 113–120, Nancy, France, 2010.
  9. J. Kinable and O. Kostakis, “Malware classification based on call graph clustering,” Journal in Computer Virology, vol. 7, no. 4, pp. 233–245, 2011.
  10. S. M. Tabish, M. Z. Shafiq, and M. Farooq, “Malware detection using statistical analysis of byte-level file content,” in Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics (CSI-KDD '09), pp. 23–31, ACM, June 2009.
  11. B. B. Rad and M. Masrom, “Metamorphic virus variants classification using opcode frequency histogram,” in Proceedings of the 14th WSEAS International Conference on Computers, pp. 147–155, Corfu Island, Greece, July 2010.
  12. D. Bilar, “Opcodes as predictor for malware,” International Journal of Electronic Security and Digital Forensics, vol. 1, pp. 156–168, 2007.
  13. K. S. Han, S.-R. Kim, and E. G. Im, “Instruction frequency-based malware classification method,” Information, vol. 15, no. 7, pp. 2973–2984, 2012.
  14. I. Santos, F. Brezo, J. Nieves et al., “Idea: Opcode-sequence-based malware detection,” in Engineering Secure Software and Systems, pp. 35–43, Springer, 2010.
  15. A. H. Sung, J. Xu, P. Chavez, and S. Mukkamala, “Static analyzer of vicious executables (SAVE),” in Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC '04), pp. 326–334, December 2004.
  16. A. Walenstein, M. Venable, M. Hayes, C. Thompson, and A. Lakhotia, “Exploiting similarity between variants to defeat malware,” in Proceedings of the BlackHat DC Conference, 2007.
  17. G. Chowdhury, Introduction to Modern Information Retrieval, Facet publishing, 2010.
  18. M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. X. Song, “Dynamic spyware analysis,” in Proceedings of the Usenix Annual Technical Conference, pp. 233–246, 2007.
  19. M. Fredrikson, S. Jha, M. Christodorescu, R. Sailer, and X. Yan, “Synthesizing near-optimal malware specifications from suspicious behaviors,” in Proceeding of the 31st IEEE Symposium on Security and Privacy (SP '10), pp. 45–60, Oakland, Calif, USA, May 2010.
  20. P. Vinod, H. Jain, Y. K. Golecha, M. S. Gaur, and V. Laxmi, “Medusa: metamorphic malware dynamic analysis using signature from API,” in Proceedings of the 3rd International Conference on Security of Information and Networks (SIN '10), pp. 263–269, ACM, September 2010.
  21. Q. G. Miao, Y. Wang, Y. Cao, X. G. Zhang, and Z. L. Liu, “APICapture—a tool for monitoring the behavior of malware,” in Proceedings of the 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE '10), pp. V4-390–V4-394, August 2010.
  22. K. S. Han, J. H. Lim, B. Kang, and E. G. Im, “Malware analysis using visualized images and entropy graphs,” International Journal of Information Security, 2014.
  23. P. Trinius, T. Holz, J. Göbel, and F. C. Freiling, “Visual analysis of malware behavior using treemaps and thread graphs,” in Proceedings of the 6th International Workshop on Visualization for Cyber Security (VizSec '09), pp. 33–38, Atlantic City, NJ, USA, October 2009.
  24. J. Saxe, D. Mentis, and C. Greamo, “Visualization of shared system call sequence relationships in large malware corpora,” in Proceedings of the 9th International Symposium on Visualization for Cyber Security (VizSec '12), pp. 33–40, ACM, October 2012.
  25. G. Conti, E. Dean, M. Sinda, and B. Sangster, “Visual reverse engineering of binary and data files,” in Visualization for Computer Security, pp. 1–17, Springer, Berlin, Germany, 2008.
  26. B. Anderson, C. Storlie, and T. Lane, “Improving malware classification: bridging the static/dynamic gap,” in Proceedings of the 5th ACM Workshop on Security and Artificial Intelligence (AISec '12), pp. 3–14, Raleigh, NC, USA, October 2012.
  27. L. Nataraj, S. Karthikeyan, G. Jacob, and B. Manjunath, “Malware images: visualization and automatic classification,” in Proceedings of the 8th International Symposium on Visualization for Cyber Security, p. 4, ACM, 2011.
  28. A. Oliva and A. Torralba, “Modeling the shape of the scene: a holistic representation of the spatial envelope,” International Journal of Computer Vision, vol. 42, no. 3, pp. 145–175, 2001.
  29. A. Torralba, K. P. Murphy, W. T. Freeman, and M. A. Rubin, “Context-based vision system for place and object recognition,” in Proceedings of the 9th IEEE International Conference on Computer Vision, pp. 273–280, IEEE, October 2003.
  30. L. Nataraj, V. Yegneswaran, P. Porras, and J. Zhang, “A comparative assessment of malware classification using binary texture analysis and dynamic analysis,” in Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence (AISec '11), pp. 21–30, 2011.
  31. Y. Kang and A. Sugimoto, “Image categorization and semantic segmentation using scale-optimized textons,” Journal of IT Convergence Practice, vol. 2, pp. 2–14, 2014.
  32. C. Eagle, The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler, No Starch Press, 2008.
  33. O. Yuschuk, “Ollydbg,” 2007, http://www.ollydbg.de.
  34. Y. Wei, Z. Zheng, and N. Ansari, “Revealing packed malware,” IEEE Security and Privacy, vol. 6, no. 5, pp. 65–69, 2008.
  35. P. Royal, M. Halpin, D. Dagon, R. Edmonds, and W. Lee, “PolyUnpack: automating the hidden-code extraction of unpack-executing malware,” in Proceeding of the 22nd Annual Computer Security Applications Conference (ACSAC '06), pp. 289–300, Miami Beach, Fla, USA, December 2006.
  36. S. Berkowits, “Pin—A Dynamic Binary Instrumentation Tool,” 2012, https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool.
  37. B. Kang, K. S. Han, B. Kang, and E. G. Im, “Malware categorization using dynamic mnemonic frequency analysis with redundancy filtering,” 2013.
  38. M. S. Charikar, “Similarity estimation techniques from rounding algorithms,” in Proceedings of the 34th Annual ACM Symposium on Theory of Computing, pp. 380–388, ACM, New York, NY, USA, 2002.
  39. D. Androutsos, K. N. Plataniotis, and A. N. Venetsanopoulos, “Novel vector-based approach to color image retrieval using a vector angular-based distance measure,” Computer Vision and Image Understanding, vol. 75, no. 1, pp. 46–58, 1999.
  40. K. S. Han, J. H. Lim, and E. G. Im, “Malware analysis method using visualization of binary files,” in Proceedings of the 2013 Research in Adaptive and Convergent Systems, pp. 317–321, ACM, 2013.