Title
A Malware Classification Method Based on Similarity of Function Structure
Abstract
Malicious software (malware) in the form of Internet worms, computer viruses, and trojan horses poses a major threat to the security of network systems. Identification of malware variants provides great benefit in early detection. Taking into account that variants of malware families share similar functions reflecting their origin and purpose, we propose a method focusing on the features of the functions that a malware program consists of. In our method, the feature database is created based on the analysis of known malware programs, and functions in unknown programs are compared to the content of the database to determine which family the program belongs to. To decrease the cost of calculating similarity, we use a filtering algorithm based on one-class SVM to filter out functions which have small influence in determining the family. We evaluated the approach using 32 categorized malware samples and 113 malware samples to be classified. The experiment shows that our approach effectively reduces the calculation time while the accuracy does not deteriorate too much.
Year: 2012
DOI: 10.1109/SAINT.2012.48
Venue: SAINT
Keywords: malware variant, malware classification method, great benefit, early detection, function structure, feature database, internet worm, malware family, unknown program, malware program, computer virus, malware sample, feature extraction, computer viruses, disassembly, support vector machines, vectors, malicious software, malware, databases, accuracy, static analysis
Field: Data mining, Computer science, Support vector machine, Computer virus, Static analysis, Filter (signal processing), Feature extraction, Trojan, Malware, The Internet
DocType: Conference
Citations: 9
PageRank: 0.57
References: 8
Authors
3
Name
Order
Citations
PageRank
Yang Zhong1141.47
Hirofumi Yamaki28121.02
Hiroki Takakura324458.93