

Fine-Grain Feature Extraction from Malware's Scan Behavior Based on Spectrum Analysis

Masashi ETO, Kotaro SONODA, Daisuke INOUE, Katsunari YOSHIOKA, Koji NAKAO

Publication
IEICE TRANSACTIONS on Information and Systems, Vol.E93-D, No.5, pp.1106-1116
Publication Date: 2010/05/01
Online ISSN: 1745-1361
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Keywords: malware correlation analysis, spectrum analysis, Fourier transform

Full Text: PDF(561.2KB)


Summary:
Network monitoring systems that detect and analyze malicious activities, as well as respond to them, are becoming increasingly important. As malware such as worms, viruses, and bots can inflict significant damage on both infrastructure and end users, technologies for identifying such propagating malware are in great demand. In large-scale darknet monitoring, we observe that malware exhibits various kinds of scan patterns in how it chooses destination IP addresses. Since many of these oscillations appear to have a natural periodicity, as if they were signal waveforms, we considered applying spectrum analysis to extract malware features. Focusing on such scan patterns, this paper proposes a novel concept of malware feature extraction and a distinct analysis method named "SPectrum Analysis for Distinction and Extraction of malware features (SPADE)". Through several evaluations using real scan traffic, we show that SPADE has the significant advantage of recognizing the similarities and dissimilarities between the same and different types of malware.
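The abstract's core idea, turning a scanner's sequence of destination addresses into a waveform and comparing its spectrum, as an added illustration that is not the paper's SPADE implementation: it assumes the signal is the last octet of each destination IP in packet order, uses a plain DFT, and compares traces by cosine similarity of their magnitude spectra; the scan traces are constructed, not real darknet data.

```python
import cmath
import math

def hosts_from_trace(trace):
    """Packet-ordered destination IPs -> numeric signal (last octet),
    mean-removed so the DC bin does not dominate the spectrum (assumption)."""
    hosts = [int(ip.rsplit(".", 1)[1]) for ip in trace]
    mean = sum(hosts) / len(hosts)
    return [h - mean for h in hosts]

def magnitude_spectrum(signal):
    """Plain O(N^2) DFT; returns |X[k]| for k = 1 .. N//2 (DC bin dropped)."""
    n = len(signal)
    mags = []
    for k in range(1, n // 2 + 1):
        x_k = sum(v * cmath.exp(-2j * math.pi * k * m / n) for m, v in enumerate(signal))
        mags.append(abs(x_k))
    return mags

def dominant_period(trace):
    """Scan period (in packets) of the strongest spectral line."""
    mags = magnitude_spectrum(hosts_from_trace(trace))
    k = max(range(len(mags)), key=lambda i: mags[i]) + 1  # bins start at k=1
    return len(trace) / k

def spectral_similarity(trace_a, trace_b):
    """Cosine similarity of two magnitude spectra (1.0 = same scan feature)."""
    a = magnitude_spectrum(hosts_from_trace(trace_a))
    b = magnitude_spectrum(hosts_from_trace(trace_b))
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm

def synthetic_sweep(step, start, n, prefix="10.0.0."):
    """Constructed scanner: walks a /24 in fixed strides, wrapping at 256."""
    return [f"{prefix}{(start + i * step) % 256}" for i in range(n)]

# Constructed traces (not real data): A and B are the same stride-64 sweep,
# B merely captured at a different point of its cycle; C uses stride 32.
TRACE_A = synthetic_sweep(64, 0, 64)
TRACE_B = synthetic_sweep(64, 128, 64)
TRACE_C = synthetic_sweep(32, 0, 64)

if __name__ == "__main__":
    for name, t in (("A", TRACE_A), ("B", TRACE_B), ("C", TRACE_C)):
        print(name, "dominant period =", dominant_period(t))
    print("sim(A,B) =", round(spectral_similarity(TRACE_A, TRACE_B), 3))
    print("sim(A,C) =", round(spectral_similarity(TRACE_A, TRACE_C), 3))
```

Because only magnitudes are compared, the phase at which a capture starts does not change the feature, which is why A and B score as the same scanner while C, with a different sweep period, scores lower.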