Statement of Research. The need to reduce the growing number of system vulnerabilities caused by unauthorized software installed on computing equipment calls for an approach that automates the audit of data-storage media. The article describes an approach to identifying informative assembly instructions and shows how the choice of the feature used to build a unified program signature influences the identification result.

Methods. Informativeness is calculated with Shannon's method, which determines feature informativeness for an arbitrary number of object classes and does not depend on the sample volume of the observed features. Identification of ELF files is based on the statistical chi-squared test of homogeneity.

Main Findings. Quantitative informativeness characteristics have been obtained for 118 assembly instructions. Experimental results for executable file identification have been analysed for 10 different features used to build program signatures, compared by means of the chi-squared test of homogeneity at significance levels p = 0.05 and p = 0.01.

Practical Relevance. The importance of using a particular feature when building a program signature has been established, as well as the possibility of considering several signatures of an executable file together to give a summative assessment of its belonging to a certain program.
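To make the identification step concrete, the following is an added example, not code from the paper or its authors. It assumes that a program signature is the frequency table of instruction mnemonics in a disassembly, compares two signatures with the chi-squared test of homogeneity at a chosen significance level, and (as an assumption about the "summative assessment") combines several independent signature comparisons by adding their chi-squared statistics and degrees of freedom. The three mnemonic streams are constructed stand-ins for real disassembly, and the chi-squared tail probability is computed with the standard series / continued-fraction evaluation of the regularized incomplete gamma function so that the script needs only the standard library.

```python
import math
from collections import Counter

# Constructed mnemonic streams standing in for the .text disassembly of three
# ELF files (not real programs from the paper). B is A with three extra movs;
# C shares no mnemonics with A at all.
SAMPLE_A = ("mov mov push mov call mov pop ret mov lea mov add mov jmp cmp jne "
            "mov mov call mov ret push mov sub mov mov call pop ret").split()
SAMPLE_B = SAMPLE_A + ["mov", "mov", "mov"]
SAMPLE_C = ("xor xor shl shr xor and or xor shl rol xor xor shr and xor or shl "
            "xor rol shr xor and xor xor shl or xor shr rol xor").split()


def signature(mnemonics):
    """Program signature: mnemonic -> occurrence count (assumed feature)."""
    return Counter(mnemonics)


def chi2_homogeneity(sig1, sig2):
    """Chi-squared test of homogeneity on a 2 x k contingency table built from
    two signatures. Returns (statistic, degrees of freedom). Mnemonics absent
    from both signatures are dropped, since their expected count would be 0."""
    alphabet = [m for m in set(sig1) | set(sig2) if sig1[m] + sig2[m] > 0]
    n1 = sum(sig1[m] for m in alphabet)
    n2 = sum(sig2[m] for m in alphabet)
    total = n1 + n2
    stat = 0.0
    for m in alphabet:
        col = sig1[m] + sig2[m]
        for row_total, observed in ((n1, sig1[m]), (n2, sig2[m])):
            expected = row_total * col / total
            stat += (observed - expected) ** 2 / expected
    return stat, len(alphabet) - 1


def _gammainc_upper(a, x):
    """Regularized upper incomplete gamma Q(a, x): series when x < a + 1,
    Lentz continued fraction otherwise (the classic gammp/gammq scheme)."""
    if x <= 0:
        return 1.0
    log_prefactor = -x + a * math.log(x) - math.lgamma(a)
    if x < a + 1.0:
        term = total = 1.0 / a
        ap = a
        for _ in range(500):
            ap += 1.0
            term *= x / ap
            total += term
            if abs(term) < abs(total) * 1e-14:
                break
        return 1.0 - total * math.exp(log_prefactor)
    tiny = 1e-300
    b = x + 1.0 - a
    c = 1.0 / tiny
    d = 1.0 / b
    h = d
    for i in range(1, 500):
        an = -i * (i - a)
        b += 2.0
        d = an * d + b
        if abs(d) < tiny:
            d = tiny
        c = b + an / c
        if abs(c) < tiny:
            c = tiny
        d = 1.0 / d
        delta = d * c
        h *= delta
        if abs(delta - 1.0) < 1e-14:
            break
    return math.exp(log_prefactor) * h


def chi2_sf(stat, df):
    """P(X > stat) for a chi-squared variable with df degrees of freedom."""
    if df <= 0 or stat <= 0:
        return 1.0
    return _gammainc_upper(df / 2.0, stat / 2.0)


def same_program(sig1, sig2, alpha):
    """Accept homogeneity (same program) when p exceeds the significance level.
    Returns (accepted, statistic, df, p)."""
    stat, df = chi2_homogeneity(sig1, sig2)
    p = chi2_sf(stat, df)
    return p > alpha, stat, df, p


def combined_assessment(pairs, alpha):
    """Summative verdict over several signature comparisons, assumed to be
    independent tests: chi-squared statistics and df add. Returns (accepted, p)."""
    total_stat, total_df = 0.0, 0
    for s1, s2 in pairs:
        stat, df = chi2_homogeneity(s1, s2)
        total_stat += stat
        total_df += df
    p = chi2_sf(total_stat, total_df)
    return p > alpha, p


if __name__ == "__main__":
    a, b, c = signature(SAMPLE_A), signature(SAMPLE_B), signature(SAMPLE_C)
    for name, other in (("B", b), ("C", c)):
        for alpha in (0.05, 0.01):
            accepted, stat, df, p = same_program(a, other, alpha)
            print(f"A vs {name} @ p={alpha}: chi2={stat:.3f} df={df} "
                  f"p-value={p:.4f} -> {'same' if accepted else 'different'}")
    print("combined A vs B (two features):", combined_assessment([(a, b), (a, b)], 0.01))
```

Two points worth noting from running it: for completely disjoint signatures such as A and C the statistic equals the combined sample size, so the test rejects at both levels regardless of the instruction alphabet, and for the near-identical A and B the p-value is close to 1, so the verdict does not change between p = 0.05 and p = 0.01. Whether a borderline file flips between the two levels is exactly what the choice of feature in the paper's experiments affects.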