DocumentCode :
228904
Title :
I-Filter: Identical Structured Control Flow String filter for accelerated malware variant classification
Author :
Taegyu Kim ; Woomin Hwang ; Ki-Woong Park ; Kyu Ho Park
Author_Institution :
Korea Adv. Inst. of Sci. & Technol., Daejeon, South Korea
fYear :
2014
fDate :
26-27 Aug. 2014
Firstpage :
225
Lastpage :
231
Abstract :
As the number of malware variants has grown rapidly, classification speed has become crucial in security issues. While several techniques for malware variant classification have been proposed, they involve a speed-accuracy trade-off. In an attempt to achieve a speedy and accurate malware variant classification, we thoroughly analyze previously proposed methods and identify a critical performance bottleneck in string-to-string matching. This paper presents and evaluates a technique called I-Filter that enhances the performance of the previous approach, approximate matching. I-Filter has the following novel mechanism: the hash-based equivalent procedure matching technique. Our performance evaluation confirms a performance improvement of, on average, 1,043 times through I-Filtering.
Keywords :
invasive software; pattern classification; pattern matching; I-filtering; accelerated malware variant classification; classification speed; hash-based equivalent procedure matching technique; identical structured control flow string filter; security issues; speed-accuracy trade-off; string-to-string matching; Acceleration; Databases; Equations; Flow graphs; Malware; Mathematical model; Time complexity; database; identical structured control flow; malware variant classification;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Biometrics and Security Technologies (ISBAST), 2014 International Symposium on
Conference_Location :
Kuala Lumpur
Print_ISBN :
978-1-4799-6443-7
Type :
conf
DOI :
10.1109/ISBAST.2014.7013126
Filename :
7013126