The number of suspicious binary executables submitted to Anti-Virus (AV) companies is on the order of tens of thousands per day. Current hash-based signature methods are easy to deceive and are inefficient at identifying known malware that has undergone minor changes. Examining malware executables through their call graph view is a suitable approach for overcoming the weaknesses of hash-based signatures. Unfortunately, many operations on graphs are of high computational complexity. One of these is the Graph Edit Distance (GED) between pairs of graphs, which seems a natural choice for static comparison of malware. We demonstrate how Simulated Annealing can be used to approximate the graph edit distance of call graphs, while outperforming previous approaches both in execution time and solution quality. Additionally, we experiment with opcode mnemonic vectors to reduce the problem size and examine how Simulated Annealing is affected.