원문정보
초록
영어
It is not only important for security analysts to judge some binary code is malicious or not, but also to understand the malware “what to do” and “what’s the impact it posed on our information system”. In this paper, we proposed a novel information fusion model to quantitate the threat of malware. The model consists of three levels: the decision making level information fusion, the attribute level information fusion and the behavior level information fusion. These three levels portray special characteristics of malware threat distributed in the assessment model. Combined with the static analysis technology and real-time monitor technology, we implemented a framework of malware threat assessment. The experiment demonstrates that our information fusion model for malware threat assessment is effective to quantitate the threat of malware in accuracy and differentiation degree. In the end, we discussed several issues that could improve the performance of the model.
목차
1. Introduction
2. Overview of Model
3. The Design of Information Fusion Model
3.1 Decision Making Level Information Fusion
3.2 Attribute Level Information Fusion
3.3 Behavior Level Information Fusion
4. A Hybrid Framework of Malware Analysis
4.1. Static Analysis Module
4.2. Real-time monitor module
5. Experiments and Results
5.1. Deployment of Experiment Environment
5.2 Experiment Analysis
6. Related Work
6.1. Malware Threat Assessment
6.2. Multi-Feature Analysis Framework of Malware
7. Discussion and Future Work
8. Conclusion
References