Journal of Information Processing
Online ISSN : 1882-6652
Grammar Compression of Call Traces in Dynamic Malware Analysis
Takahiro OkumuraYoshihiro Oyama
Author information

Volume 25 (2017) Pages 229-233

Download PDF (451K) Contact us

A significant number of logs are generated in dynamic malware analysis. Consequently, a method for effectively compressing these logs is required to reduce the amount of memory and storage consumed to store such logs. In this study, we evaluated the efficacy of grammar compression methods in compressing call traces in malware analysis logs. We hypothesized that grammar compression can be useful in compressing call traces because its algorithm can naturally express the dynamic control flows of program execution. We measured the compression ratio of three grammar compression methods (SEQUITUR, Re-Pair, and Byte Pair Encoding (BPE)) and three well-known compressors (gzip, bzip2, and xz). In experiments conducted in which API call sequences collected from thousands of Windows malware were compressed, the Re-Pair grammar compression method was found to outperform both gzip and bzip2.

Information related to the author
© 2017 by the Information Processing Society of Japan
Previous article Next article

Recently visited articles