The family homology determination of malware has become a research hotspot as the number of malware variants is on the rise. However, existing studies on malware visualization determine homology based only on the global structure features of the executable, which allows creators of some malware variants to intentionally give them the same structure so that they are misclassified as the same family. We sought to develop a homology determination method using the fusion of global structure features and local fine-grained features based on malware visualization. Specifically, the global structural information of the malware executable file was converted into a bytecode image, and the opcode semantic information of the code segment was extracted by the n-gram feature model to generate an opcode image. We also propose a dual-branch convolutional neural network, which uses the features of the opcode image and the bytecode image as the final basis for family classification. Our results demonstrate that the accuracy and F-measure of family homology classification based on the proposed scheme are 99.05% and 98.52%, respectively, which is better than the results from a single image feature or other major schemes.
Identifying influential spreaders in complex networks is critical for information spread and malware diffusion suppression. In this paper, we propose a novel influential spreader identification method, called SpreadRank, which considers the path reachability in information spreading and uses its quantitative index as a measure of node spread centrality to obtain the spread influence of a single node. To avoid the overlapping of the influence range of the node spread, this method establishes a dynamic influential node set selection mechanism based on the spread centrality value and the principle of minimizing the maximum connected branch after network segmentation, and it selects a group of nodes with the greatest overall spread influence. Experiments based on the SIR model demonstrate that, compared to other existing methods, the selected influential spreaders of SpreadRank can quickly diffuse or suppress information more effectively.
Due to limited resources, wireless sensor network (WSN) nodes generally possess weak defense capabilities and are often the target of malware attacks. Attackers can capture or infect specific sensor nodes and propagate malware to other sensor nodes in WSNs through node communication. This can eventually infect an entire network system and even cause paralysis. Based on epidemiological theory, the present study proposes a malware propagation model suitable for cluster-based WSNs to analyze the propagation dynamics of malware. The model focuses on the data-transmission characteristics between different nodes in a cluster-based network and considers the actual application parameters of WSNs, such as node communication radius, node distribution density, and node death rate. In addition, an attack and defense game between malware and defending systems is also established, and the infection and recovery rates of malware propagation under the mixed strategy Nash equilibrium condition are given. In particular, the basic reproductive number, equilibrium point, and stability of the model are derived. These studies revealed that a basic reproductive number of less than 1 leads to the eventual disappearance of malware, which provides significant insight into the design of defense strategies against malware threats. Numerical experiments were conducted to validate the proposed theory, and the influence of WSN parameters on malware propagation was examined.