Fast k-NN based Malware Analysis in a Massive Malware Environment
  • KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Vol. 13, No. 12, December 31, 2019
DOI: 10.3837/tiis.2019.12.019

Abstract

codes distributed indiscriminately as well as intelligent APT attacks. As a result, studies using machine learning algorithms are being conducted as proactive prevention rather than post-processing. The k-NN algorithm is widely used because it is intuitive and suitable for handling malicious code as unstructured data. In addition, in the malicious code analysis domain, the k-NN algorithm makes it easy to classify malicious codes based on previously analyzed malicious codes. For example, it is possible to classify malicious code families or analyze malicious code variants through similarity analysis with existing malicious codes. However, the main disadvantage of the k-NN algorithm is that the search time increases as the learning data increases. We propose a fast k-NN algorithm that improves computation speed while retaining the advantages of the k-NN algorithm. In the test environment, the k-NN algorithm needed an average of only 19.71 similarity comparisons for 6.25 million malicious codes. Given the way the algorithm works, the Fast k-NN algorithm can be used to search not only malware and SSDEEP but any data that can be vectorized. In the future, if the k-NN approach is needed and the central node can be effectively selected for clustering large amounts of data in various environments, it is expected that it will be possible to design a sophisticated machine-learning-based system.


Cite this article

[IEEE Style]
J. Hwang, J. Kwak and T. Lee, "Fast k-NN based Malware Analysis in a Massive Malware Environment," KSII Transactions on Internet and Information Systems, vol. 13, no. 12, pp. 6145-6158, 2019. DOI: 10.3837/tiis.2019.12.019.

[ACM Style]
Jun-ho Hwang, Jin Kwak, and Tae-jin Lee. 2019. Fast k-NN based Malware Analysis in a Massive Malware Environment. KSII Transactions on Internet and Information Systems, 13, 12, (2019), 6145-6158. DOI: 10.3837/tiis.2019.12.019.