Automatic clustering of malware variants

Rima Asmar Awad, Kirk D. Sayre

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

13 Scopus citations

Abstract

The emergence of malware creation tools in recent years has facilitated the creation of new variations of existing malware instances. Typically, anti-virus companies process new malware instances manually to determine their maliciousness and generate their signatures. However, with the overwhelming number of new malware variants that are created automatically to evade pattern-based detection, manual analysis is becoming a bottleneck that hinders the process of responding to new threats. This paper proposes a novel method to automatically cluster malware variants into malware families based on the structured control flow graphs of the malware instances. Our final results demonstrate high effectiveness in terms of accuracy, an average of 94% accuracy, and speed in clustering malware variants.

Original language: English
Title of host publication: IEEE International Conference on Intelligence and Security Informatics
Subtitle of host publication: Cybersecurity and Big Data, ISI 2016
Editors: Wenji Mao, G. Alan Wang, Lina Zhou, Lisa Kaati
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 298-303
Number of pages: 6
ISBN (Electronic): 9781509038657
DOIs
State: Published - Nov 15 2016
Event: 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015 - Tucson, United States
Duration: Sep 28 2016 - Sep 30 2016

Publication series

Name: IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016

Conference

Conference: 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015
Country/Territory: United States
City: Tucson
Period: 09/28/16 - 09/30/16
