Malware classification method via binary content comparison

With the widespread use of the Internet, the number of Internet attacks keeps increasing, and malware is the main cause of most of them. Attackers use malware to infect ordinary users' computers, to acquire private information, and to attack other machines. The number of new malware samples and malware variants grows every year, because automated tools let attackers generate new malware or variants easily. Therefore, improving the performance of malware analysis is critical to keep malware from spreading rapidly and to mitigate the damage to users. In this paper, we propose a new malware classification method based on analyzing similarities among malware samples. Our method analyzes only a small part of each malware binary in order to reduce analysis overhead, and experimental results show that our approach can effectively classify malware families.
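To make the idea of classifying by binary content similarity concrete, the following is an added example and not the paper's own code or feature set: it compares only a fixed-size window at the start of each binary, derives a set of byte n-grams from it, and assigns a sample to the family of its most similar labelled member by Jaccard similarity. The window size, n-gram length, similarity metric, threshold and the synthetic "binaries" are all assumptions made here; the abstract does not specify which part of the binary or which metric the paper uses.

```python
# Added example (not the paper's code). Family classification by comparing a
# small window of each binary's content. Window size, n-gram length, Jaccard
# and the threshold are assumptions; the abstract gives no such details.
import random
from typing import Dict, List, Set, Tuple

WINDOW = 64   # only the first WINDOW bytes of a sample are analysed (assumed)
N = 4         # byte n-gram length (assumed)

def ngrams(blob: bytes, n: int = N, window: int = WINDOW) -> Set[bytes]:
    """Set of overlapping byte n-grams taken from the first `window` bytes."""
    head = blob[:window]
    return {head[i:i + n] for i in range(len(head) - n + 1)}

def jaccard(a: Set[bytes], b: Set[bytes]) -> float:
    """Jaccard similarity |a & b| / |a | b|; two empty sets count as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)

def classify(sample: bytes, known: Dict[str, List[bytes]],
             threshold: float = 0.5) -> Tuple[str, float]:
    """Nearest-neighbour family label; "unknown" when no member scores >= threshold."""
    feats = ngrams(sample)
    best_family, best_score = "unknown", 0.0
    for family, members in known.items():
        for member in members:
            score = jaccard(feats, ngrams(member))
            if score > best_score:
                best_family, best_score = family, score
    return (best_family if best_score >= threshold else "unknown"), best_score

# Constructed stand-ins for real binaries: a seeded random byte string per
# family, and variants that overwrite a few bytes to mimic small code changes.
def _blob(seed: int, size: int = 96) -> bytes:
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(size))

def _variant(base: bytes, seed: int, flips: int = 4) -> bytes:
    rng = random.Random(seed)
    buf = bytearray(base)
    for pos in rng.sample(range(len(buf)), flips):
        buf[pos] = rng.randrange(256)
    return bytes(buf)

BASE_A, BASE_B = _blob(1), _blob(2)
KNOWN = {"family_a": [BASE_A, _variant(BASE_A, 10)],
         "family_b": [BASE_B, _variant(BASE_B, 20)]}

if __name__ == "__main__":
    for label, s in [("variant of A", _variant(BASE_A, 30)), ("unrelated", _blob(99))]:
        print(label, "->", classify(s, KNOWN))
```

With four overwritten bytes inside a 64-byte window, at most 16 of the 61 n-grams change, so a true variant still scores at least 0.58 against its base while an unrelated random blob shares essentially no n-grams and falls below the threshold.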
