Malware Clustering Based on SNN Density Using System Calls

Clustering is an important part of malware analysis. The clustering algorithms commonly used for malware today are gradually becoming unable to keep up with the growing number of samples. To improve malware clustering, this paper applies a clustering algorithm based on Shared Nearest Neighbor (SNN) and uses the frequencies of system calls as the input features. The algorithm is combined with DBSCAN, the traditional density-based clustering algorithm from data mining, which makes it better suited to clustering malware. The resulting clusters show that the algorithm clusters well. The algorithm is also simple to implement and easy to fit into automated analysis, so it can be applied to practical automated malware analysis.
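As an added illustration (not code from the paper), the SNN-density clustering the abstract describes, run over constructed system-call frequency vectors: cosine similarity ranks each sample's k nearest neighbours, SNN similarity counts the neighbours two mutual neighbours share, and DBSCAN-style eps/min_pts thresholds on those counts select core points, grow clusters and leave unconnected samples as noise. The sample profiles, the six system calls and the parameter values are assumptions.

```python
import math

# Constructed sample profiles (hypothetical, not from the paper): frequency of six
# system calls per execution trace, ordered (open, read, write, socket, connect, send).
SAMPLES = {
    "A1": (10, 8, 9, 0, 0, 0),  # file-heavy family
    "A2": (9, 9, 8, 1, 0, 0),
    "A3": (11, 7, 10, 0, 0, 1),
    "B1": (0, 1, 0, 9, 8, 10),  # network-heavy family
    "B2": (1, 0, 0, 8, 9, 9),
    "B3": (0, 0, 1, 10, 10, 8),
    "N1": (5, 0, 0, 0, 5, 0),   # mixed profile that resembles neither family
}

def cosine(u, v):
    """Cosine similarity of two frequency vectors (scale-invariant, so trace length does not matter)."""
    dot = sum(a * b for a, b in zip(u, v))
    return dot / (math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v)))

def snn_cluster(samples, k=3, eps=2, min_pts=2):
    """Return {sample: cluster id}; 0 marks noise. eps and min_pts act on SNN counts, as in DBSCAN."""
    names = list(samples)
    # 1. k nearest neighbours of each sample by cosine similarity (ties broken by name)
    knn = {}
    for a in names:
        ranked = sorted((n for n in names if n != a),
                        key=lambda n: (-cosine(samples[a], samples[n]), n))
        knn[a] = set(ranked[:k])
    # 2. SNN similarity = number of shared neighbours, defined only for mutual neighbours
    def snn(a, b):
        return len(knn[a] & knn[b]) if b in knn[a] and a in knn[b] else 0
    # 3. SNN density = number of samples linked with SNN >= eps; core points have >= min_pts
    strong = {a: {b for b in names if b != a and snn(a, b) >= eps} for a in names}
    core = {a for a in names if len(strong[a]) >= min_pts}
    # 4. DBSCAN-style expansion over strong links; border points attach but do not expand
    labels, cid = {}, 0
    for seed in names:
        if seed not in core or seed in labels:
            continue
        cid += 1
        stack = [seed]
        while stack:
            p = stack.pop()
            if p in labels:
                continue
            labels[p] = cid
            if p in core:
                stack.extend(q for q in strong[p] if q not in labels)
    # 5. Samples never reached from a core point are noise (label 0)
    return {a: labels.get(a, 0) for a in names}
```

With these inputs the two families form clusters 1 and 2 while N1, whose only shared neighbours are one A and one B sample, stays noise; raising k or lowering eps changes how readily such outliers are absorbed.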
