TY - GEN
T1 - Automatic clustering of malware variants
AU - Awad, Rima Asmar
AU - Sayre, Kirk D.
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/11/15
Y1 - 2016/11/15
N2 - The emergence of malware creation tools in recent years has facilitated the creation of new variations of existing malware instances. Typically, anti-virus companies process new malware instances manually to determine their maliciousness and generate their signatures. However, with the overwhelming number of new malware variants that are created automatically to evade pattern-based detection, manual analysis is becoming a bottleneck that hinders the process of responding to new threats. This paper proposes a novel method to automatically cluster malware variants into malware families based on the structured control flow graphs of the malware instances. Our final results demonstrate high effectiveness in terms of accuracy, an average of 94% accuracy, and speed in clustering malware variants.
AB - The emergence of malware creation tools in recent years has facilitated the creation of new variations of existing malware instances. Typically, anti-virus companies process new malware instances manually to determine their maliciousness and generate their signatures. However, with the overwhelming number of new malware variants that are created automatically to evade pattern-based detection, manual analysis is becoming a bottleneck that hinders the process of responding to new threats. This paper proposes a novel method to automatically cluster malware variants into malware families based on the structured control flow graphs of the malware instances. Our final results demonstrate high effectiveness in terms of accuracy, an average of 94% accuracy, and speed in clustering malware variants.
UR - http://www.scopus.com/inward/record.url?scp=85004098282&partnerID=8YFLogxK
U2 - 10.1109/ISI.2016.7745494
DO - 10.1109/ISI.2016.7745494
M3 - Conference contribution
AN - SCOPUS:85004098282
T3 - IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016
SP - 298
EP - 303
BT - IEEE International Conference on Intelligence and Security Informatics
A2 - Mao, Wenji
A2 - Wang, G. Alan
A2 - Zhou, Lina
A2 - Kaati, Lisa
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015
Y2 - 28 September 2016 through 30 September 2016
ER -