政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/146896
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113318/144297 (79%)
Visitors : 51088305      Online Users : 934
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    政大典藏 > College of Commerce > Department of MIS > Theses >  Item 140.119/146896
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/146896


    Title: 基於基因演算法的惡意軟體標籤共識評分系統
    A Novel Scoring System with Genetic Algorithm for Consensus Reaching in Malware Labels
    Authors: 王詩渝
    Wang, Shih-Yu
    Contributors: 蕭舜文
    Hsiao, Shun-Wen
    王詩渝
    Wang, Shih-Yu
    Keywords: 惡意軟體分群
    基因演算法
    成對比較
    共識達成系統
    Malware clustering
    Genetic algorithm
    Pairwise comparison
    Consensus reaching system
    Date: 2023
    Issue Date: 2023-09-01 14:55:23 (UTC+8)
    Abstract: 識別惡意軟體家族對於網絡安全研究人員來說至關重要。通常,防病毒軟體分析商會提供稱為AV標籤的惡意軟體標籤,其標籤根據病毒行為對惡意軟體樣本進行分類。然而,由於每個防病毒軟體分析商的觀點和分析方法不同,這些標籤經常具有不一致的格式和名稱。這種不一致性造成了標籤參考的混亂並降低了可信度。一些過往的方法為了解決這個問題,依賴於不一定有意義的加權方式來對分析商做篩選,或可能依賴於有偏見的投票制度。為了解決這個問題,我們提出了一種名為成對共識分數(PCS)的新穎評分系統。這種評分方法基於命名邏輯,以找出該群集是否與其他意見相似,而不是使用標籤名稱來判斷結果的質量。我們的共識達成過程結合了PCS和基因演算法,以根據不同的防病毒軟體分析商之間的協議對惡意軟體樣本進行分群分析,並找到最佳的標籤以良好地將惡意軟體進行分群並貼標。實驗結果顯示,我們的方法優於現有的方法,為惡意軟體樣本提供了更一致且可信的AV標籤。
    Identifying malware families is crucial for researchers in cybersecurity. Usually, antivirus vendors provide malware labels called AV labels to categorize malware samples based on their behavior. However, due to the different viewpoints and analysis methods of each antivirus vendor, the labels often have inconsistent formats and names. This inconsistency creates clutter and reduces trustworthiness. Some previous approaches to address this issue relied on weightings that are not necessarily meaningful, or majority voting that can be biased. To solve this problem, we propose a novel scoring system called Pairwise Consensus Score (PCS). The scoring method is based on naming logic to determine whether the cluster is similar to other opinions instead of using labels to judge the quality of the results. Our consensus reaching process combines PCS and a Genetic Algorithm to cluster malware samples based on agreement among different antivirus vendors and find the best label that clusters the malware well. Experimental results show that our method outperforms existing methods, providing more consistent and trustworthy AV labels for malware samples.
    Reference: Afianian, A., Niksefat, S., Sadeghiyan, B., and Baptiste, D. (2019). Malware dynamic
    analysis evasion techniques: A survey. ACM Computing Surveys (CSUR), 52(6):1–28.
    angavarapu, T. and Patil, N. (2019). A novel filter–wrapper hybrid greedy ensemble
    approach optimized using the genetic algorithm to reduce the dimensionality of high-
    dimensional biomedical datasets. Applied Soft Computing, 81:105538.
    Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., and Siemens, C. (2014).
    Drebin: Effective and explainable detection of android malware in your pocket. Ndss,
    14:23–26.
    Babaagba, K. O. and Adesanya, S. O. (2019). A study on the effect of feature selection on
    malware analysis using machine learning. In Proceedings of the 2019 8th international
    conference on educational and information technology, pages 51–55.
    Bacci, A., Bartoli, A., Martinelli, F., Medvet, E., Mercaldo, F., Visaggio, C. A., et al.
    (2018). Impact of code obfuscation on android malware detection based on static and
    dynamic analysis. ICISSP, pages 379–385.
    Bakour, K. and Ünver, H. M. (2020). Visdroid: Android malware classification based on
    local and global image features, bag of visual words and machine learning techniques.
    Neural Computing and Applications, 33:3133–3153.
    Bontchev, V. (2005). Current status of the caro malware naming scheme. Virus Bulletin,
    15.
    Dib, M. (2021). On Leveraging Next-Generation Deep Learning Techniques for IoT Mal-
    ware Classification, Family Attribution and Lineage Analysis. PhD thesis, Concordia
    University.
    Ducau, F. N., Rudd, E. M., Heppner, T. M., Long, A., and Berlin, K. (2019). Automatic
    malware description via attribute tagging and similarity embedding. arXiv preprint
    arXiv:1905.06262.
    D’Angelo, G., Ficco, M., and Palmieri, F. (2021). Association rule-based malware
    classification using common subsequences of api calls. Applied Soft Computing,
    105:107234.
    Fatima, A., Maurya, R., Dutta, M. K., Burget, R., and Masek, J. (2019). ndroid mal-
    ware detection using genetic algorithm based optimized feature selection and machine
    learning. 42nd International conference on telecommunications and signal processing
    (TSP), pages 220–223.
    Fejrskov, M., Vasilomanolakis, E., and Pedersen, J. M. (2022). A study on the use of
    3rd party dns resolvers for malware filtering or censorship circumvention. ICT Systems
    Security and Privacy Protection, 648.
    Garg, V. and Yadav, R. K. (2020). Malware detection using multilevel ensemble super-
    vised learning. In International Conference on Communication and Intelligent Systems,
    pages 219–231. Springer.
    Hamid, I. R. A., Khalid, N. S., Abdullah, N. A., Rahman, N. H. A., and Wen, C. C. (2017).
    Android malware classification using k-means clustering algorithm. IOP Conference
    Series: Materials Science and Engineering, 226:012105.
    Holland, J. H. (1922). Adaptation in natural and artificial systems: an introductory analysis
    with applications to biology, control, and artificial intelligence. MIT press.
    Hsiao, S.-W., Sun, Y. S., and Chen, M. C. (2016). Behavior grouping of android malware
    family. 2016 IEEE International Conference on Communications (ICC), pages 1–6.
    Hurier, M., Allix, K., Bissyandé, T. F., Klein, J., and Le Traon, Y. (2016). n the lack
    of consensus in anti-virus decisions: Metrics and insights on building ground truths of
    android malware. Detection of Intrusions and Malware, and Vulnerability Assessment:
    13th International Conference DIMVA, pages 142–162.
    Hurier, M., Suarez-Tangil, G., Dash, S. K., Bissyandé, T. F., Le Traon, Y., Klein, J., and
    Cavallaro, L. (2017). Euphony: Harmonious unification of cacophonous anti-virus ven-
    dor labels for android malware. International Conference on Mining Software Reposi-
    tories, 14:425–435.
    Jang, J., Brumley, D., and Venkataraman, S. (2011). Bitshred: feature hashing malware
    for scalable triage and semantic analysis. Proceedings of the 18th ACM conference on
    Computer and communications security, pages 309–320.
    Kotzias, P., Matic, S., Rivera, R., and Caballero, J. (2015). Certified pup: abuse in authen-
    ticode code signing. Proceedings of the 22nd ACM SIGSAC Conference on Computer
    and Communications Security, pages 465–478.
    Kumar, S. and Mittal, S. K. (2020). Email spam and malware filtering using machine
    learning and its applications. In Performance Management, pages 25–32. CRC Press.
    Laboratories, N. A. R. (2021). Narlabs. https://owl.nchc.org.tw/malware.php.
    Pektaş, A. and Acarman, T. (2018). Malware classification based on api calls and be-
    haviour analysis. IET Information Security, 12(2):107–117.
    Perdisci, R. and U, M. (2012). Vamo: towards a fully automated malware clustering va-
    lidity analysis. Proceedings of the 28th Annual Computer Security Applications Con-
    ference, pages 329–338.
    Salem, A., Banescu, s., and Pretschner, A. (2021). Maat: Automatically analyzing virusto-
    tal for accurate labeling and effective malware detection. ACM Transactions on Privacy
    and Security (TOPS), 24(4):1–35.
    Sebastin, M., Rivera, R., Kotzias, P., and Caballero, J. (2016). Avclass: A tool for massive
    malware labeling. Research in Attacks, Intrusions, and Defenses, 9854:230––253.
    Shukla, A., Pandey, H. M., and Mehrotra, D. (2015). Comparative review of selection
    techniques in genetic algorithm. International Conference on Futuristic Trends on Com-
    putational Analysis and Knowledge Management (ABLAZE), pages 515–519.
    SonicWall (2023). 2022 cyber threat report.
    Sung, A. H., Xu, J., Chavez, P., and Mukkamala, S. (2004). Static analyzer of vicious
    executables (save). 20th Annual Computer Security Applications Conference, 326–334.
    Usharani, S., Bala, P. M., and Mary, M. M. J. (2021). Dynamic analysis on crypto-
    ransomware by using machine learning: Gandcrab ransomware. Journal of Physics:
    Conference Series, 1717(1):012024.
    Virustotal (2023). Virustotal.
    Visalakshi, P. (2020). Detecting android malware using an improved filter based technique
    in embedded software. Microprocessors and Microsystems, 76:103115.
    Wu, Z. and Chen, Y. (2001). Genetic algorithm based selective neural network ensemble.
    IJCAI-01: proceedings of the Seventeenth International Joint Conference on Artificial
    Intelligence, Seattle, Washington.
    Yoo, S., Kim, S., Kim, S., and Kang, B. B. (2021). Ai-hydra: Advanced hybrid approach
    using random forest and deep learning for malware classification. Information Sciences,
    546:420–435.
    Zhu, S., Shi, J., Yang, L., Qin, B., Zhang, Z., Song, L., and Wang, G. (2020). Measuring
    and modeling the label dynamics of online anti-malware engines. USENIX Security
    Symposium, pages 2361–23
    Description: 碩士
    國立政治大學
    資訊管理學系
    110356044
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0110356044
    Data Type: thesis
    Appears in Collections:[Department of MIS] Theses

    Files in This Item:

    File Description SizeFormat
    604401.pdf1693KbAdobe PDF224View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback