Detection of obfuscated JavaScript malware using Mahalanobis distance

Abstract

In recent years, malware written in JavaScript has been increasing, and an automatic detection method is needed. Our research focuses on the occurrence probabilities of characters, and on the state transition probabilities of a first-order Markov source, in obfuscated JavaScript malware and in ordinary JavaScript. Preliminary experiments showed a statistically clear difference between the two. We therefore propose a malware detection method using the Mahalanobis distance, taking as random variables the rate of the top N characters by occurrence probability and the state transition probabilities of the first-order Markov source. Experiments showed that the Mahalanobis distance method using the two kinds of random variables is more effective than the method using a single kind.

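Published in

  • Research Report: Multimedia Communication and Distributed Processing (DPS)

    Research Report: Multimedia Communication and Distributed Processing (DPS) 2014-DPS-161(17), 1-7, 2014-09-11

    Information Processing Society of Japan (IPSJ)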

Codes

  • NII Article ID (NAID)
    110009822228
  • NII Bibliographic ID (NCID)
    AN10116224
  • Text language code
    JPN
  • Material type
    Technical Report
  • Data source
    NII-ELS  IPSJ