WEKO3
アイテム
Fast Preprocessing by Suffix Arrays for Managing Byte n-grams to Detect Malware Subspecies by Machine Learning
https://ipsj.ixsq.nii.ac.jp/records/232440
https://ipsj.ixsq.nii.ac.jp/records/232440faf63352-6628-4b95-81b4-4ac4be5afef0
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6502054.pdf (753.7 kB)
2026年2月15日からダウンロード可能です。
|
Copyright (c) 2024 by the Information Processing Society of Japan
|
|
| 非会員:¥0, IPSJ:学会員:¥0, 論文誌:会員:¥0, DLIB:会員:¥0 | ||
| Item type | Journal(1) | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2024-02-15 | |||||||||
| タイトル | ||||||||||
| タイトル | Fast Preprocessing by Suffix Arrays for Managing Byte n-grams to Detect Malware Subspecies by Machine Learning | |||||||||
| タイトル | ||||||||||
| 言語 | en | |||||||||
| タイトル | Fast Preprocessing by Suffix Arrays for Managing Byte n-grams to Detect Malware Subspecies by Machine Learning | |||||||||
| 言語 | ||||||||||
| 言語 | eng | |||||||||
| キーワード | ||||||||||
| 主題Scheme | Other | |||||||||
| 主題 | [一般論文] suffix array, byte n-grams, preprocessing | |||||||||
| 資源タイプ | ||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||
| 資源タイプ | journal article | |||||||||
| 著者所属 | ||||||||||
| Tokyo University of Technology | ||||||||||
| 著者所属 | ||||||||||
| Tokyo University of Technology | ||||||||||
| 著者所属(英) | ||||||||||
| en | ||||||||||
| Tokyo University of Technology | ||||||||||
| 著者所属(英) | ||||||||||
| en | ||||||||||
| Tokyo University of Technology | ||||||||||
| 著者名 |
Kouhei, Kita
× Kouhei, Kita
× Ryuya, Uda
|
|||||||||
| 著者名(英) |
Kouhei, Kita
× Kouhei, Kita
× Ryuya, Uda
|
|||||||||
| 論文抄録 | ||||||||||
| 内容記述タイプ | Other | |||||||||
| 内容記述 | Although machine learning methods with byte n-grams have been marking high score for classifying malware and benignware, they seem not to be used for current anti-virus software. A performance bottleneck of the methods is dealing with byte n-grams in preprocessing such as top-k selection. It takes a long time to extract all byte n-grams which are required for selecting top-k n-grams. Moreover, if several “n”s are wanted to be used such as 4-grams, 8-grams and 16-grams, n-grams with each “n” must be extracted again and again. Therefore, we proposed a fast preprocessing method of extracting n-grams by applying a suffix array algorithm. Furthermore, our method can manage multi-length byte n-grams at the same time. In addition, selecting feature n-grams like top-k n-grams with information gain is also included in our method. On the other hand, our method has a limitation that it is only applicable to a large number of samples in the same malware subspecies family, which become extinct. We evaluated the speed of our method by comparing with usual ways. We also evaluated our method by machine learning with actual samples in four old malware subspecies families. We think there is a hope that our method may be applicable to detecting current targeted malware. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32(2024) (online) DOI http://dx.doi.org/10.2197/ipsjjip.32.232 ------------------------------ |
|||||||||
| 論文抄録(英) | ||||||||||
| 内容記述タイプ | Other | |||||||||
| 内容記述 | Although machine learning methods with byte n-grams have been marking high score for classifying malware and benignware, they seem not to be used for current anti-virus software. A performance bottleneck of the methods is dealing with byte n-grams in preprocessing such as top-k selection. It takes a long time to extract all byte n-grams which are required for selecting top-k n-grams. Moreover, if several “n”s are wanted to be used such as 4-grams, 8-grams and 16-grams, n-grams with each “n” must be extracted again and again. Therefore, we proposed a fast preprocessing method of extracting n-grams by applying a suffix array algorithm. Furthermore, our method can manage multi-length byte n-grams at the same time. In addition, selecting feature n-grams like top-k n-grams with information gain is also included in our method. On the other hand, our method has a limitation that it is only applicable to a large number of samples in the same malware subspecies family, which become extinct. We evaluated the speed of our method by comparing with usual ways. We also evaluated our method by machine learning with actual samples in four old malware subspecies families. We think there is a hope that our method may be applicable to detecting current targeted malware. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32(2024) (online) DOI http://dx.doi.org/10.2197/ipsjjip.32.232 ------------------------------ |
|||||||||
| 書誌レコードID | ||||||||||
| 収録物識別子タイプ | NCID | |||||||||
| 収録物識別子 | AN00116647 | |||||||||
| 書誌情報 |
情報処理学会論文誌 巻 65, 号 2, 発行日 2024-02-15 |
|||||||||
| ISSN | ||||||||||
| 収録物識別子タイプ | ISSN | |||||||||
| 収録物識別子 | 1882-7764 | |||||||||
| 公開者 | ||||||||||
| 言語 | ja | |||||||||
| 出版者 | 情報処理学会 | |||||||||
