Abstract
Anti-virus companies receive extensive quantities of malware variants daily; therefore, it is essential to automatically classify them into their corresponding malware family. Here, we apply an efficient statistical approach to identify and render critical malicious patterns into malware families, which are essential elements of automated classification of known and unknown malware variants in large quantities. Critical malicious patterns are the most frequent basic blocks, which are present most often in one specific malware family, and comparatively less in all other malware families. By computing the distribution frequency of each distinct basic block residing in all the malware families, the importance of being a potential representative of a critical malicious pattern for a specific malware family is measured. This value is carefully computed by considering the population of each malware family, and the distribution frequency ratio of every distinct basic block among the different malware families. The results show that known and unknown malware variants can be effectively and accurately classified into their related malware family using this approach.
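The following is an added illustration of the idea in the abstract, not the paper's code or its exact formula, which the abstract does not give. It assumes each sample is reduced to a set of normalized basic-block identifiers, and it uses an assumed score (per-family frequency multiplied by that family's share of the block's total frequency); the names `CORPUS`, `block_scores`, `critical_patterns` and `classify` are hypothetical.

```python
from collections import defaultdict

# Constructed sample data: family -> samples, each a set of normalized
# basic-block identifiers (for example, hashes of opcode sequences).
CORPUS = {
    "famA": [{"b1", "b2", "b9"}, {"b1", "b2", "b3"}, {"b1", "b9"}, {"b1", "b2"}],
    "famB": [{"b4", "b5", "b9"}, {"b4", "b9", "b2"}],
    "famC": [{"b6", "b7", "b9"}, {"b6", "b9"}, {"b6", "b7", "b1"}],
}

def block_scores(corpus):
    """Return {family: {block: score}} using the assumed scoring rule."""
    freq = defaultdict(dict)  # block -> family -> fraction of samples with it
    for family, samples in corpus.items():
        counts = defaultdict(int)
        for blocks in samples:
            for block in blocks:
                counts[block] += 1
        for block, n in counts.items():
            # Dividing by family size keeps large families from dominating.
            freq[block][family] = n / len(samples)
    scores = defaultdict(dict)
    for block, per_family in freq.items():
        total = sum(per_family.values())
        for family, f in per_family.items():
            # High only when the block is common here and rare elsewhere.
            scores[family][block] = f * (f / total)
    return scores

def critical_patterns(scores, threshold=0.5):
    """Blocks whose score marks them as representative of one family."""
    return {fam: {b for b, s in blocks.items() if s >= threshold}
            for fam, blocks in scores.items()}

def classify(sample_blocks, scores):
    """Sum per-family scores of the sample's blocks; None if nothing matches."""
    totals = {fam: sum(blocks.get(b, 0.0) for b in sample_blocks)
              for fam, blocks in scores.items()}
    best = max(totals, key=totals.get)
    return (best if totals[best] > 0 else None), totals

if __name__ == "__main__":
    s = block_scores(CORPUS)
    print(critical_patterns(s))
    print(classify({"b1", "b2", "b8", "b9"}, s))
```

Block `b9` appears in every family and so scores low everywhere, while a sample sharing no known block is returned as unclassified rather than forced into a family.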
Original language | English |
---|---|
Title of host publication | Proceedings of 2016 SAI Computing Conference, SAI 2016 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 1093-1099 |
Number of pages | 7 |
ISBN (Print) | 9781467384605 |
Publication status | Published - 29 Aug 2016 |
Event | 2016 SAI Computing Conference, SAI 2016 - London, United Kingdom Duration: 13 Jul 2016 → 15 Jul 2016 |
Conference
Conference | 2016 SAI Computing Conference, SAI 2016 |
---|---|
Country/Territory | United Kingdom |
City | London |
Period | 13/07/2016 → 15/07/2016 |
Keywords
- Malicious Features
- Malware Classification
- Pattern Matching
- Shared Code
- Statistical