Abstract
Malware is becoming more sophisticated year by year. It often uses common protocols such as HTTP to imitate normal communications, so malware analysis has to consider activity in common protocols. Meanwhile, the number of malware analysts is insufficient compared with the speed at which new malware is generated. To address this problem, a malware classification method that classifies a huge number of malware samples quickly and accurately is expected. With such a method, malware analysts can dedicate themselves to investigating new types of malware. In this paper, we propose a malware classification method using the Session Sequence of common protocols, which classifies malware as new or existing. Furthermore, if the malware is classified as existing malware, the proposed method also classifies it into an existing malware family. We evaluated the proposed method with the traffic of 502 malware samples. The experimental results show that our method can correctly judge and classify with 84.5% accuracy.
Cite
Hiruta, S., Yamaguchi, Y., Shimada, H., Takakura, H., Yagi, T., & Akiyama, M. (2016). Evaluation on malware classification by session sequence of common protocols. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10052 LNCS, pp. 521–531). Springer Verlag. https://doi.org/10.1007/978-3-319-48965-0_31