Novel Malware Similarity Analysis: Regional Longest Common Substring Algorithm with Elastic Suffix Tree
摘要
Widely adopted for sequence processing, n-grams are known for their efficiency and accuracy in applications such as malware detection through opcode sequence representation and text analysis through word sequences. However, despite their effectiveness, this approach suffers from key limitations: the fixed value of n and the exponential growth of gram variations in large datasets, which hinder algorithmic efficiency and scalability. To address these issues, we propose a dynamic solution using an elastic suffix tree structure that allows for simultaneous similarity evaluations between a query document and all documents indexed within the tree. Building on this framework, we introduce the concept of “Regional Longest Common Substring” (RLCS), a novel measure that captures the length of matched substrings during searches. RLCS provides richer insights compared with traditional Longest Common Substring and eliminates the need for exhaustive enumeration of all substrings, offering superior efficiency. This approach not only enhances document similarity analysis but also proves highly effective in IoT malware classification, allowing for more detailed analysis with reduced processing time. The performance and efficiency of RLCS are validated through extensive experiments on IoT malware benchmark datasets, demonstrating its superiority in sequence similarity measurement.