Malfinder: Accelerated Malware Classification System through Filtering on Manycore System

Taegyu Kim, Woomin Hwang, Chulmin Kim, Dong-Jae Shin, Ki-Woong Park, Kyu Ho Park

2015

Abstract

Control flow matching methods have been utilized to detect malware variants. However, as the number of malware variants has soared, it has become harder and harder to detect all malware variants while maintaining high accuracy. Even though many researchers have proposed control flow matching methods, there is still a trade-off between accuracy and performance. To solve this trade-off, we designed Malfinder, a method based on approximate matching, which is accurate but slow. To overcome its low performance, we resolve its performance bottleneck and non-parallelism on three fronts: I-Filter for identical string matching, table division to exclude unnecessary comparisons with some malware and dynamic resource allocation for efficient parallelism. Our performance evaluation shows that the total performance improvement is 280.9 times.

References

  1. Baeza-Yates, R. and Navarro, G. (1998). Fast Approximate String Matching in a Dictionary. In Proceedings of A South America Symposium on String Processing and Information Retrieval, SPIRE 1998, pages 14-22, IEEE.
  2. Cesare, S. and Xiang, Y. (2010). Classification of Malware Using Structured Control Flow. In Proceedings of Australasian Symposium on parallel and Distributed Computing, AusPDC 2010, pages 61-70, ACM.
  3. Cesare, S., Xiang, Y. and Zhou, W. (2013). Malwise-An Effective and Efficient Classification System for Packed and Polymorphic Malware. IEEE Transactions on Computers, 62(6):1193-1206.
  4. Gusev, M. and Ristov, S. (2012). Matrix multiplication performance analysis in virtualized shared memory multiprocessor. In Proceedings of 35th International Convention, MIPRO 2012, pages 251-256, IEEE.
  5. Kephart, J.O. and Arnold, W.C. (1994). Automatic Extraction of Computer Virus Signatures. Virus Bulletin Conference, 1994, pages 178-184.
  6. Kim, T., Hwang, W. Park, K. W. and Park, K. H. (2014). I-Filter: Identical Structured Control Flow String Filter for Accelerated Malware Variant Classification. In Proceedings of International Symposium on Biometrics and Security Technologies, ISBAST 2014, IEEE.
  7. Kundu, S., Rangaswami, R., Dutta, K. and Zhao, M. (2010). Application performance modeling in a virtualized environments. In Proceedings of 16th International Symposium on High Performance Computer Architecture, HPCA 2010, pages 1-10, IEEE.
  8. Li, W. and Godzik, A. (2006). Cd-hit: a fast program for clustering and comparing large sets of protein or nucleotide sequences. Bioinformatics, 22(13):1658- 1659.
  9. OKane, P., Sezer, S. and McLaughlin, K. (2011). Obfuscation: The Hidden Malware. IEEE Security & Privacy, 9(5):41-47.
  10. Park K. H., Park S. K., Hwang W., Seok H., Shin D. J., and Park K. W. (2012). Resource Management of Manycores with a Hierarchical and a Hybrid Main Memory for MN-MATE Cloud Node. In Proceedings of Eighth World Congress on Services, SERVICES 2012, page 301-308, IEEE.
  11. Paul B., Boris D., Keir F., Steven H., Tim H., Alex H., Rolf N., Ian P., Andrew W. (2003). Xen and the art of virtualization. In Proceedings of the 19th ACM symposium on Operating systems principles, SOSP 2003, pages 164-177, ACM.
  12. Sharir, M. (1980). Structural Analysis : A new approach to flow analysis in optimizing compiler. Computer Languages, 5(3-4):141-153.
  13. Ukkonen, E. (1986). Algorithms for approximate string matching. Information and Control, 61(1-3):100-118.
Download


Paper Citation


in Harvard Style

Kim T., Hwang W., Kim C., Shin D., Park K. and Park K. (2015). Malfinder: Accelerated Malware Classification System through Filtering on Manycore System . In Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-081-9, pages 17-26. DOI: 10.5220/0005227500170026


in Bibtex Style

@conference{icissp15,
author={Taegyu Kim and Woomin Hwang and Chulmin Kim and Dong-Jae Shin and Ki-Woong Park and Kyu Ho Park},
title={Malfinder: Accelerated Malware Classification System through Filtering on Manycore System},
booktitle={Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2015},
pages={17-26},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005227500170026},
isbn={978-989-758-081-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Malfinder: Accelerated Malware Classification System through Filtering on Manycore System
SN - 978-989-758-081-9
AU - Kim T.
AU - Hwang W.
AU - Kim C.
AU - Shin D.
AU - Park K.
AU - Park K.
PY - 2015
SP - 17
EP - 26
DO - 10.5220/0005227500170026