Advanced persistent threat organization identification based on software gene of malware. Issue 12 (30th January 2020)
- Record Type:
- Journal Article
- Title:
- Advanced persistent threat organization identification based on software gene of malware. Issue 12 (30th January 2020)
- Main Title:
- Advanced persistent threat organization identification based on software gene of malware
- Authors:
- Chen, Weixiang
Helu, Xiaohan
Jin, Chengjie
Zhang, Man
Lu, Hui
Sun, Yanbin
Tian, Zhihong
- Abstract:
- Abstract: Since the concept of IoT (Internet of Things) was proposed, it has digitized the real world and has a wide range of applications. However, with tremendous evolution in data acquisition and transfer, a new type of attack represented by advanced persistent threat (APT) has attracted wide attention. APT organization identification for malware is a method to detect APT attacks. However, most of malware is tailored to the goal, it is complex and changeable, or can be updated very quickly. The traditional analysis method is difficult to obtain the source information of APT organization from the malware in the IoT. To this end, we propose a software genes method to solve this problem. Software gene is binary fragment of specific function or information in the software body. In this paper, different from traditional data flow and instruction flow, a new gene model is proposed which combine with knowledge graph of malware behavior. We fill the processed malware information into the gene model to obtain the APT organization gene pool. Of course, the gene pool should be optimized to include the genetic characteristics of APT. In theory, these genetic characteristics can help us identify malware and APT accurately in the IoT. However, biological genetic similarity algorithms cannot be used directly. A genetic similarity algorithm for APT organization identification of malware will be designed instead. Simulations on real‐world dataset corroborate theoretical analysis and reveal the possibility of using genes for malware traceability. Abstract: Process of building gene pool.
- Is Part Of:
- Transactions on emerging telecommunications technologies. Volume 31:Issue 12(2020)
- Journal:
- Transactions on emerging telecommunications technologies
- Issue:
- Volume 31:Issue 12(2020)
- Issue Display:
- Volume 31, Issue 12 (2020)
- Year:
- 2020
- Volume:
- 31
- Issue:
- 12
- Issue Sort Value:
- 2020-0031-0012-0000
- Page Start:
- n/a
- Page End:
- n/a
- Publication Date:
- 2020-01-30
- Subjects:
- Telecommunication -- Periodicals
384.05
- Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1541-8251
http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)2161-3915
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/ett.3884
- Languages:
- English
- ISSNs:
- 2161-5748
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 15330.xml