A fast algorithm for constructing phylogenetic trees with application to IoT malware clustering

Tianxiang He, Chansu Han, Ryoichi Isawa, Takeshi Takahashi, Shuji Kijima, Jun’ichi Takeuchi, Koji Nakao

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

For efficiently handling thousands of malware specimens, we aim to quickly and automatically categorize those into malware families. A solution for this could be the neighbor-joining method using NCD (Normalized Compression Distance) as similarity of malware. It creates a phylogenetic tree of malware based on the NCDs between malware binaries for clustering. However, it is frustratingly slow because it requires (N^2+N)/2 compression attempts for the NCDs, where N is the number of given specimens. For fast clustering, this paper presents an algorithm for efficiently constructing a phylogenetic tree by greatly reducing compression attempts. The key idea to do so is not to construct a tree of N specimens all at once. Instead, it divides N specimens into temporal clusters in advance, constructs a small tree for each temporal cluster, and joins the trees as a united tree. Intuitively, separately constructing small trees requires a much smaller number of compression attempts than (N^2+N)/2. With experiments using 4,109 in-the-wild malware specimens, we confirm that our algorithm achieved clustering 22 times faster than the neighbor-joining method with a good accuracy of 97%.
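The compression-attempt count in the abstract, as an added example that is not code from the paper: it computes a pairwise NCD matrix, counts every compressor call, and compares one matrix over all N specimens with one matrix per group. Assumptions: zlib stands in for the compressor, the specimens are constructed random byte strings, the grouping is given rather than derived, and the paper's steps for forming temporal clusters and joining the small trees are not modelled, so their cost is not counted.

```python
import random
import zlib
from itertools import combinations

def ncd_matrix(specimens):
    """Return ({(i, j): NCD}, number of compression attempts)."""
    attempts = 0

    def c(data):
        nonlocal attempts
        attempts += 1
        return len(zlib.compress(data, 9))  # zlib is an assumed compressor

    sizes = [c(s) for s in specimens]  # N single-specimen compressions
    dist = {}
    for i, j in combinations(range(len(specimens)), 2):  # N(N-1)/2 pairs
        cxy = c(specimens[i] + specimens[j])
        dist[i, j] = (cxy - min(sizes[i], sizes[j])) / max(sizes[i], sizes[j])
    return dist, attempts  # attempts == (N^2 + N) / 2

def make_family(seed, members=4, size=2000):
    """Constructed sample data: one random 'binary' plus lightly patched variants."""
    rng = random.Random(seed)
    base = bytearray(rng.getrandbits(8) for _ in range(size))
    family = []
    for k in range(members):
        variant = bytearray(base)
        off = 100 + 300 * k
        variant[off:off + 16] = bytes(rng.getrandbits(8) for _ in range(16))
        family.append(bytes(variant))
    return family

def compare():
    """Attempts for one full matrix vs. one matrix per group, plus NCD spread."""
    fam_a, fam_b = make_family(1), make_family(2)
    all_dist, full = ncd_matrix(fam_a + fam_b)
    split = sum(ncd_matrix(group)[1] for group in (fam_a, fam_b))
    # Indices 0-3 are family A, 4-7 are family B.
    intra = max(d for (i, j), d in all_dist.items() if (i < 4) == (j < 4))
    inter = min(d for (i, j), d in all_dist.items() if (i < 4) != (j < 4))
    return full, split, intra, inter

if __name__ == "__main__":
    full, split, intra, inter = compare()
    print(f"full matrix: {full} attempts, per-group matrices: {split} attempts")
    print(f"max intra-family NCD {intra:.3f}, min inter-family NCD {inter:.3f}")
```
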

Original language: English
Title of host publication: Neural Information Processing - 26th International Conference, ICONIP 2019, Proceedings
Editors: Tom Gedeon, Kok Wai Wong, Minho Lee
Publisher: Springer
Pages: 766-778
Number of pages: 13
ISBN (Print): 9783030367077
DOI: https://doi.org/10.1007/978-3-030-36708-4_63
Publication status: Published - 1 1 2019
Event: 26th International Conference on Neural Information Processing, ICONIP 2019 - Sydney, Australia
Duration: 12 12 2019 - 12 15 2019

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11953 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 26th International Conference on Neural Information Processing, ICONIP 2019
Australia
Sydney
Period: 12/12/19 - 12/15/19

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)


  • Cite this

    He, T., Han, C., Isawa, R., Takahashi, T., Kijima, S., Takeuchi, J., & Nakao, K. (2019). A fast algorithm for constructing phylogenetic trees with application to IoT malware clustering. In T. Gedeon, K. W. Wong, & M. Lee (Eds.), Neural Information Processing - 26th International Conference, ICONIP 2019, Proceedings (pp. 766-778). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11953 LNCS). Springer. https://doi.org/10.1007/978-3-030-36708-4_63