论文信息 - Malware classification using instruction frequencies

Malware classification using instruction frequencies

Developing variants of malware is a common and effective method to avoid the signature detection of antivirus programs. Malware analysis and signature abstraction are essential technologies to update the detection signature DB for malware detection. Since most malware binary analysis processes are performed manually, malware binary analysis is a time-consuming job. Therefore, efficient malware classification can be used to speed up malware binary analysis. As malware variants of the same malware family may share a portion of their binary code, the sequences of instructions may be similar, or even identical. In this paper, we propose a malware classification method that uses instruction frequencies. Our test results show that there are clear distinctions among malware and normal programs.

[1] Nello Cristianini,et al. An Introduction to Support Vector Machines and Other Kernel-based Learning Methods , 2000 .

[2] Zhuoqing Morley Mao,et al. Automated Classification and Analysis of Internet Malware , 2007, RAID.

[3] Keith Marzullo,et al. Analysis of Computer Intrusions Using Sequences of Function Calls , 2007, IEEE Transactions on Dependable and Secure Computing.

[4] Bezawada Bruhadeshwar,et al. Signature Generation and Detection of Malware Families , 2008, ACISP.

[5] Halvar Flake,et al. Structural Comparison of Executable Objects , 2004, DIMVA.

[6] Lynn Margaret Batten,et al. Function length as a tool for malware classification , 2008, 2008 3rd International Conference on Malicious and Unwanted Software (MALWARE).

[7] Md. Rafiqul Islam,et al. An automated classification system based on the strings of trojan and virus families , 2009, 2009 4th International Conference on Malicious and Unwanted Software (MALWARE).

[8] Marius Gheorghescu. AN AUTOMATED VIRUS CLASSIFICATION SYSTEM , 2006 .