Empirical Network Structure of Malicious Programs

A modern binary executable is a composition of various networks. Control flow graphs are commonly used to represent an executable program in labeled datasets used for classification tasks. Control flow and term representations are widely adopted, but provide only a partial view of program semantics. This study is an empirical analysis of the networks composing malicious binaries in order to provide a complete representation of the structural properties of a program. This is accomplished by the measurement of structural properties of program networks in a malicious binary executable dataset. We demonstrate the presence of Scale-Free properties of network structure for program data dependency and control flow graphs, and show that data dependency graphs also have Small-World structural properties. We show that program data dependency graphs have a degree correlation that is structurally disassortative, and that control flow graphs have a neutral degree assortativity, indicating the use of random graphs to model the structural properties of program control flow graphs would show increased accuracy. By providing an increase in feature resolution within labeled datasets of executable programs we provide a quantitative basis to interpret the results of classifiers trained on CFG graph features. An increase in feature resolution allows for the structural properties of program classes to be analyzed for patterns as well as their component parts. By capturing a complete picture of program graphs we can enable theoretical solutions for the mapping a program's operational semantics to its structure.Comment: 13 pages, 7 figure

Graph Perturbation as Noise Graph Addition: A New Perspective for Graph Anonymization

Different types of data privacy techniques have been applied to graphs and social networks. They have been used under different assumptions on intruders’ knowledge. i.e., different assumptions on what can lead to disclosure. The analysis of different methods is also led by how data protection techniques influence the analysis of the data. i.e., information loss or data utility. One of the techniques proposed for graph is graph perturbation. Several algorithms have been proposed for this purpose. They proceed adding or removing edges, although some also consider adding and removing nodes. In this paper we propose the study of these graph perturbation techniques from a different perspective. Following the model of standard database perturbation as noise addition, we propose to study graph perturbation as noise graph addition. We think that changing the perspective of graph sanitization in this direction will permit to study the properties of perturbed graphs in a more systematic way

Semi-supervised learning techniques: k-means clustering in OODB Fragmentation

Abstract – Vertical and horizontal fragmentation are central issues in the design process of Distributed Object Based Systems. A good fragmentation scheme followed by an optimal allocation could greatly enhance performance in such systems, as data transfer between distributed sites is minimized. In this paper we present a horizontal fragmentation approach that uses the k-means AI clustering method for partitioning object instances into fragments. Our new method applies to existing databases, where statistics are already present. We model fragmentation input data in a vector space and give different object similarity measures together with their geometrical interpretations. We provide quality and performance evaluations using a partition evaluator function. I

A New Approach for Optimal Fragmentation Order in Distributed Object Oriented Databases

Class fragmentation is an important task in the design of Distributed OODBs and there are many algorithms handling it. Almost none of them deals however with the class fragmentation order details. We claim that class fragmentation order can induce severe performance penalties if not considered in the fragmentation phase. We propose here two variants of an algorithm for finding the optimal class fragmentation order in a DOODB. In both variants we capture all class relations (inheritance, aggregation) and we determine a class fragmentation order where precedence conflicts induced by relation cycles are eliminated in such way that the strongest links be maintained.

AI Clustering Techniques: a New Approach to Object Oriented Database Fragmentation

Abstract – Optimal application performance on a Distributed Object Based System requires class fragmentation and the development of allocation schemes to place fragments at distributed sites so data transfer is minimal. In this paper we present a horizontal fragmentation approach that uses the k-means centroid based clustering method for partitioning object instances into fragments. Our new method takes full advantage of existing data, where statistics are already present. We model fragmentation input data in a vector space and give different object similarity measures together with their geometrical interpretations. We provide quality and performance evaluations using a partition evaluator function. I