Automatic clustering of malware variants

Rima Asmar Awad; Kirk D. Sayre

doi:10.1109/ISI.2016.7745494

Automatic clustering of malware variants

Rima Asmar Awad
, Kirk D. Sayre

Research Application Development

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

14 Scopus citations

Abstract

The emergence of malware creation tools in recent years has facilitated the creation of new variations of existing malware instances. Typically, Anti-Virus companies process new malware instances manually to determine their maliciousness and generate their signatures. However, with the overwhelming number of new malware variants that are created automatically to evade pattern based detection, manual analysis is becoming a bottleneck that hinders the process of responding to new threats. This paper proposes a novel method to automatically cluster malware variants into malware families based on the structured control flow graphs of the malware instances. Our final results demonstrate high effectiveness in terms of accuracy, an average of %94 accuracy, and speed in clustering malware variants.

Original language	English
Title of host publication	IEEE International Conference on Intelligence and Security Informatics
Subtitle of host publication	Cybersecurity and Big Data, ISI 2016
Editors	Wenji Mao, G. Alan Wang, Lina Zhou, Lisa Kaati
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	298-303
Number of pages	6
ISBN (Electronic)	9781509038657
DOIs	https://doi.org/10.1109/ISI.2016.7745494
State	Published - Nov 15 2016
Event	14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015 - Tucson, United States Duration: Sep 28 2016 → Sep 30 2016

Publication series

Name	IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016

Conference

Conference	14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015
Country/Territory	United States
City	Tucson
Period	09/28/16 → 09/30/16

Access to Document

10.1109/ISI.2016.7745494

Cite this

Awad, R. A., & Sayre, K. D. (2016). Automatic clustering of malware variants. In W. Mao, G. A. Wang, L. Zhou, & L. Kaati (Eds.), IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016 (pp. 298-303). Article 7745494 (IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISI.2016.7745494

Awad, Rima Asmar ; Sayre, Kirk D. / Automatic clustering of malware variants. IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016. editor / Wenji Mao ; G. Alan Wang ; Lina Zhou ; Lisa Kaati. Institute of Electrical and Electronics Engineers Inc., 2016. pp. 298-303 (IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016).

@inproceedings{390999de70c3482d9acde8169d63c3ea,

title = "Automatic clustering of malware variants",

abstract = "The emergence of malware creation tools in recent years has facilitated the creation of new variations of existing malware instances. Typically, Anti-Virus companies process new malware instances manually to determine their maliciousness and generate their signatures. However, with the overwhelming number of new malware variants that are created automatically to evade pattern based detection, manual analysis is becoming a bottleneck that hinders the process of responding to new threats. This paper proposes a novel method to automatically cluster malware variants into malware families based on the structured control flow graphs of the malware instances. Our final results demonstrate high effectiveness in terms of accuracy, an average of \%94 accuracy, and speed in clustering malware variants.",

author = "Awad, \{Rima Asmar\} and Sayre, \{Kirk D.\}",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015 ; Conference date: 28-09-2016 Through 30-09-2016",

year = "2016",

month = nov,

day = "15",

doi = "10.1109/ISI.2016.7745494",

language = "English",

series = "IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "298--303",

editor = "Wenji Mao and Wang, \{G. Alan\} and Lina Zhou and Lisa Kaati",

booktitle = "IEEE International Conference on Intelligence and Security Informatics",

}

Awad, RA & Sayre, KD 2016, Automatic clustering of malware variants. in W Mao, GA Wang, L Zhou & L Kaati (eds), IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016., 7745494, IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016, Institute of Electrical and Electronics Engineers Inc., pp. 298-303, 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015, Tucson, United States, 09/28/16. https://doi.org/10.1109/ISI.2016.7745494

Automatic clustering of malware variants. / Awad, Rima Asmar; Sayre, Kirk D.
IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016. ed. / Wenji Mao; G. Alan Wang; Lina Zhou; Lisa Kaati. Institute of Electrical and Electronics Engineers Inc., 2016. p. 298-303 7745494 (IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Automatic clustering of malware variants

AU - Awad, Rima Asmar

AU - Sayre, Kirk D.

PY - 2016/11/15

Y1 - 2016/11/15

N2 - The emergence of malware creation tools in recent years has facilitated the creation of new variations of existing malware instances. Typically, Anti-Virus companies process new malware instances manually to determine their maliciousness and generate their signatures. However, with the overwhelming number of new malware variants that are created automatically to evade pattern based detection, manual analysis is becoming a bottleneck that hinders the process of responding to new threats. This paper proposes a novel method to automatically cluster malware variants into malware families based on the structured control flow graphs of the malware instances. Our final results demonstrate high effectiveness in terms of accuracy, an average of %94 accuracy, and speed in clustering malware variants.

AB - The emergence of malware creation tools in recent years has facilitated the creation of new variations of existing malware instances. Typically, Anti-Virus companies process new malware instances manually to determine their maliciousness and generate their signatures. However, with the overwhelming number of new malware variants that are created automatically to evade pattern based detection, manual analysis is becoming a bottleneck that hinders the process of responding to new threats. This paper proposes a novel method to automatically cluster malware variants into malware families based on the structured control flow graphs of the malware instances. Our final results demonstrate high effectiveness in terms of accuracy, an average of %94 accuracy, and speed in clustering malware variants.

UR - https://www.scopus.com/pages/publications/85004098282

U2 - 10.1109/ISI.2016.7745494

DO - 10.1109/ISI.2016.7745494

M3 - Conference contribution

AN - SCOPUS:85004098282

T3 - IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016

SP - 298

EP - 303

BT - IEEE International Conference on Intelligence and Security Informatics

A2 - Mao, Wenji

A2 - Wang, G. Alan

A2 - Zhou, Lina

A2 - Kaati, Lisa

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015

Y2 - 28 September 2016 through 30 September 2016

ER -

Awad RA, Sayre KD. Automatic clustering of malware variants. In Mao W, Wang GA, Zhou L, Kaati L, editors, IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016. Institute of Electrical and Electronics Engineers Inc. 2016. p. 298-303. 7745494. (IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016). doi: 10.1109/ISI.2016.7745494

Automatic clustering of malware variants

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this