doi: 10.17586/2226-1494-2018-18-2-278-285


INFORMATIVE FEATURE SELECTION IN SOFTWARE IDENTIFICATION TASK

K. I. Salakhutdinova, I. S. Lebedev, I. E. Krivtsova


Article in Russian

For citation: Salakhutdinova K.I., Lebedev I.S., Krivtsova I.E. Informative feature selection in software identification task. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2018, vol. 18, no. 2, pp. 278–285 (in Russian). doi: 10.17586/2226-1494-2018-18-2-278-285

Abstract

Subject of Research. The need to slow the growth in the number of vulnerabilities caused by the installation of unauthorized software on computer equipment calls for the development of an approach that automates the audit of data storage media. The paper proposes an approach for identifying informative assembler commands. We study how the feature chosen for building a unified program signature affects the identification results. Methods. The Shannon method was used to calculate informativity. It makes it possible to determine feature informativity for an arbitrary number of object classes and is independent of the volume of observed feature samples. Identification of elf-files was based on the chi-square statistical homogeneity criterion. Main Results. Quantitative informativity characteristics for 118 assembler commands are obtained. The experimental results for executable file identification are analysed using ten different features for building program signatures. Comparison is performed by the chi-square homogeneity criterion at significance levels p = 0.05 and p = 0.01. Practical Relevance. We have established the importance of the particular feature chosen when building program signatures, as well as the possibility of considering several executable file signatures together to form the final score of belonging to a certain program.
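The two statistical steps the abstract names, feature informativity and chi-square homogeneity of command-frequency signatures, as an added illustration that is not the paper's code: the mnemonic streams, the chosen feature set, and the reading of the Shannon method as mutual information between program class and command presence are assumptions made for this example.

```python
# Added example (not the paper's code): Shannon informativity of an assembler
# command and chi-square homogeneity of command-frequency signatures, as the
# abstract outlines. Mnemonic streams below are constructed sample data.
from collections import Counter
from math import log2

# Standard chi-square critical values at p = 0.05 / p = 0.01 by degrees of
# freedom (compared commands minus one).
CRITICAL = {1: (3.841, 6.635), 2: (5.991, 9.210), 3: (7.815, 11.345),
            4: (9.488, 13.277), 5: (11.070, 15.086)}
FEATURES = ["mov", "push", "call", "jmp"]   # commands chosen as features

def signature(mnemonics, features=FEATURES):
    """Program signature: occurrence count of each selected command."""
    counts = Counter(m for m in mnemonics if m in features)
    return [counts[f] for f in features]

def chi_square_homogeneity(sig_a, sig_b):
    """Homogeneity statistic and df; expected counts use pooled shares."""
    n_a, n_b, stat, df = sum(sig_a), sum(sig_b), 0.0, -1
    for a, b in zip(sig_a, sig_b):
        p = (a + b) / (n_a + n_b)   # pooled share of this command
        if p == 0:
            continue                # absent in both: no cell, no df
        df += 1
        stat += (a - n_a * p) ** 2 / (n_a * p) + (b - n_b * p) ** 2 / (n_b * p)
    return stat, df

def same_program(sig_a, sig_b, alpha=0.05):
    """True when the signatures cannot be told apart at level alpha."""
    stat, df = chi_square_homogeneity(sig_a, sig_b)
    return stat <= CRITICAL[df][0 if alpha == 0.05 else 1]

def entropy(labels):
    n = len(labels)
    return -sum(k / n * log2(k / n) for k in Counter(labels).values())
def informativity(samples, command):
    """Mutual information (bits) between class and command presence over
    [(class, mnemonics), ...]; this reading of the Shannon method is assumed."""
    h_class, h_cond = entropy([c for c, _ in samples]), 0.0
    for present in (True, False):
        group = [c for c, ms in samples if (command in ms) == present]
        if group:
            h_cond += len(group) / len(samples) * entropy(group)
    return h_class - h_cond

def stream(*counts):   # constructed mnemonic stream, one count per feature
    return [m for m, k in zip(FEATURES, counts) for _ in range(k)]
A1, A2, B = stream(40, 20, 15, 5), stream(38, 22, 14, 6), stream(20, 10, 40, 10)
SAMPLES = [("A", A1), ("A", A2), ("B", B + ["syscall"] * 3)]  # syscall only in B
```

Two builds of program A pass the homogeneity test at both significance levels, while A against B is rejected at both; a command present in every class carries zero informativity, one present in a single class carries the full class entropy.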


Keywords: identification of executable files, elf-files, feature informativity, chi-square criterion, information security




This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License
Copyright 2001-2024 ©
Scientific and Technical Journal
of Information Technologies, Mechanics and Optics.
All rights reserved.
