Malware is computer software with harmful intent toward both computers and networks. Anti-virus companies receive an extensive number of malware variants daily; therefore, there is an essential need to automatically cluster malware variants into their corresponding families in order to reduce the effort and time spent on manual analysis. Because malware variants that belong to the same family share a certain amount of code, we classify them into the same cluster based on the shared features that we extract from them. In this paper we propose a static analysis approach using a text-based search technique, control flow graphs, hashing, and machine learning to cluster malware variants accordingly. This is ongoing work, but we explain our methodology and the preliminary results achieved.
Published - 2013
- Text based search, code normalization, control flow graph, hashing, malicious shared code, and machine learning