Mal-netminer: malware classification based on social network analysis of call graph

In this work, we aim to classify malware using automatic classifiers by employing graph metrics commonly used in social network analysis. First, we build a malicious system call dictionary consisting of the system calls found in malware. To analyze the general structural information of malware and to measure the influence of individual system calls found in malware, we adopt social network analysis: we use social network metrics such as the degree distribution, degree centrality, and average distance, which implicitly correspond to distinct behavioral characteristics. Our experiments demonstrate that the proposed system performs well in classifying malware families within each malware class, with accuracy greater than 98%. By exploiting the social network properties of the system calls found in malware, our proposed method not only classifies malware with fewer features than previous methods that adopt graph features but also enables us to build a quick and simple malware detection system.
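The feature-extraction step the abstract describes, as an added illustration that is not the paper's own code: a system call dictionary acts as a filter on a call graph whose nodes are system calls, and the three named social network metrics (degree distribution, degree centrality, average distance) are computed from that graph to form a compact feature vector. The call graph, the dictionary entries and the normalization choices (degree centrality as degree/(n-1), average distance as the mean shortest-path length over reachable ordered pairs) are assumptions made for this example, not values from the paper.

```python
"""Added example (not the paper's code): social-network-style graph features
from a call graph whose nodes are system calls.

Assumptions (not from the paper): the graph is undirected and unweighted;
degree centrality is normalized by (n - 1); average distance is the mean
shortest-path length over all reachable ordered node pairs; the malicious
system call dictionary and the sample edges are constructed for this example.
"""
from collections import deque
from typing import Dict, List, Set, Tuple

# Constructed dictionary of system calls (the paper builds its dictionary
# from real malware; this list is made up for the example).
MALICIOUS_CALL_DICT = ["CreateFileA", "WriteFile", "RegSetValueExA",
                       "CreateProcessA", "InternetOpenA", "VirtualAlloc"]

# Constructed call graph edges for one fictional sample: an edge means the
# two calls are linked in the sample's call graph.
SAMPLE_EDGES = [
    ("CreateFileA", "WriteFile"),
    ("CreateFileA", "VirtualAlloc"),
    ("WriteFile", "RegSetValueExA"),
    ("CreateProcessA", "VirtualAlloc"),
    ("InternetOpenA", "CreateFileA"),
]


def build_graph(edges: List[Tuple[str, str]], dictionary: List[str]) -> Dict[str, Set[str]]:
    """Undirected adjacency list restricted to calls in the dictionary.
    Calls outside the dictionary are dropped, which is how the dictionary
    acts as a filter on the raw call graph."""
    allowed = set(dictionary)
    adj: Dict[str, Set[str]] = {name: set() for name in dictionary}
    for a, b in edges:
        if a in allowed and b in allowed and a != b:
            adj[a].add(b)
            adj[b].add(a)
    return adj


def degree_centrality(adj: Dict[str, Set[str]]) -> Dict[str, float]:
    """Degree of each call divided by (n - 1): how many other dictionary
    calls a given call is directly connected to."""
    n = len(adj)
    if n <= 1:
        return {v: 0.0 for v in adj}
    return {v: len(nb) / (n - 1) for v, nb in adj.items()}


def degree_distribution(adj: Dict[str, Set[str]]) -> Dict[int, int]:
    """Histogram: degree value -> number of nodes with that degree."""
    dist: Dict[int, int] = {}
    for nb in adj.values():
        dist[len(nb)] = dist.get(len(nb), 0) + 1
    return dist


def bfs_distances(adj: Dict[str, Set[str]], src: str) -> Dict[str, int]:
    """Unweighted shortest-path lengths from src via breadth-first search."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for w in adj[u]:
            if w not in dist:
                dist[w] = dist[u] + 1
                queue.append(w)
    return dist


def average_distance(adj: Dict[str, Set[str]]) -> float:
    """Mean shortest-path length over reachable ordered pairs (u != v);
    unreachable pairs are skipped so a disconnected graph still yields a value."""
    total = 0
    pairs = 0
    for v in adj:
        for w, d in bfs_distances(adj, v).items():
            if w != v:
                total += d
                pairs += 1
    return total / pairs if pairs else 0.0


def feature_vector(edges: List[Tuple[str, str]], dictionary: List[str]) -> dict:
    """Compact feature set for a classifier: one scalar per metric family
    plus the degree histogram."""
    adj = build_graph(edges, dictionary)
    dc = degree_centrality(adj)
    return {
        "avg_distance": round(average_distance(adj), 4),
        "max_degree_centrality": round(max(dc.values()), 4) if dc else 0.0,
        "degree_distribution": degree_distribution(adj),
    }


if __name__ == "__main__":
    print(feature_vector(SAMPLE_EDGES, MALICIOUS_CALL_DICT))
```

On the constructed graph the hub call `CreateFileA` has the highest degree centrality (3/5) and the degree histogram is {3: 1, 2: 2, 1: 3}; an edge to a call outside the dictionary (say a hypothetical `Sleep`) leaves the features unchanged, which is the filtering effect the dictionary is meant to provide.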
