Scalable malware clustering through coarse-grained behavior modeling
Anti-malware vendors receive several thousand new malware (malicious software) variants per day. Due to large volume of malware samples, it has become extremely important to group them based on their malicious characteristics. Grouping of malware variants that exhibit similar behavior helps to gener...
Saved in:
| Main Authors: | , , |
|---|---|
| Other Authors: | |
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2013
|
| Online Access: | https://hdl.handle.net/10356/98910 http://hdl.handle.net/10220/12587 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-98910 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-989102020-03-07T13:24:49Z Scalable malware clustering through coarse-grained behavior modeling Chandramohan, Mahinthan Tan, Hee Beng Kuan Shar, Lwin Khin School of Electrical and Electronic Engineering International Symposium on the Foundations of Software Engineering (20th : 2012 : Cary, USA) Anti-malware vendors receive several thousand new malware (malicious software) variants per day. Due to large volume of malware samples, it has become extremely important to group them based on their malicious characteristics. Grouping of malware variants that exhibit similar behavior helps to generate malware signatures more efficiently. Unfortunately, exponential growth of new malware variants and huge-dimensional feature space, as used in existing approaches, make the clustering task very challenging and difficult to scale. Furthermore, malware behavior modeling techniques proposed in the literature do not scale well, where malware feature space grows in proportion with the number of samples under examination. In this paper, we propose a scalable malware behavior modeling technique that models the interactions between malware and sensitive system resources in a coarse-grained manner. Coarse-grained behavior modeling enables us to generate malware feature space that does not grow in proportion with the number of samples under examination. A preliminary study shows that our approach generates 289 times less malware features and yet improves the average clustering accuracy by 6.20% comparing to a state-of-the-art malware clustering technique. 2013-07-31T04:06:23Z 2019-12-06T20:01:03Z 2013-07-31T04:06:23Z 2019-12-06T20:01:03Z 2012 2012 Conference Paper Chandramohan, M., Tan, H. B. K., & Shar, L. K. (2012). Scalable malware clustering through coarse-grained behavior modeling. Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering - FSE '12. https://hdl.handle.net/10356/98910 http://hdl.handle.net/10220/12587 10.1145/2393596.2393627 en |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| country |
Singapore |
| collection |
DR-NTU |
| language |
English |
| description |
Anti-malware vendors receive several thousand new malware (malicious software) variants per day. Due to large volume of malware samples, it has become extremely important to group them based on their malicious characteristics. Grouping of malware variants that exhibit similar behavior helps to generate malware signatures more efficiently. Unfortunately, exponential growth of new malware variants and huge-dimensional feature space, as used in existing approaches, make the clustering task very challenging and difficult to scale. Furthermore, malware behavior modeling techniques proposed in the literature do not scale well, where malware feature space grows in proportion with the number of samples under examination. In this paper, we propose a scalable malware behavior modeling technique that models the interactions between malware and sensitive system resources in a coarse-grained manner. Coarse-grained behavior modeling enables us to generate malware feature space that does not grow in proportion with the number of samples under examination. A preliminary study shows that our approach generates 289 times less malware features and yet improves the average clustering accuracy by 6.20% comparing to a state-of-the-art malware clustering technique. |
| author2 |
School of Electrical and Electronic Engineering |
| author_facet |
School of Electrical and Electronic Engineering Chandramohan, Mahinthan Tan, Hee Beng Kuan Shar, Lwin Khin |
| format |
Conference or Workshop Item |
| author |
Chandramohan, Mahinthan Tan, Hee Beng Kuan Shar, Lwin Khin |
| spellingShingle |
Chandramohan, Mahinthan Tan, Hee Beng Kuan Shar, Lwin Khin Scalable malware clustering through coarse-grained behavior modeling |
| author_sort |
Chandramohan, Mahinthan |
| title |
Scalable malware clustering through coarse-grained behavior modeling |
| title_short |
Scalable malware clustering through coarse-grained behavior modeling |
| title_full |
Scalable malware clustering through coarse-grained behavior modeling |
| title_fullStr |
Scalable malware clustering through coarse-grained behavior modeling |
| title_full_unstemmed |
Scalable malware clustering through coarse-grained behavior modeling |
| title_sort |
scalable malware clustering through coarse-grained behavior modeling |
| publishDate |
2013 |
| url |
https://hdl.handle.net/10356/98910 http://hdl.handle.net/10220/12587 |
| _version_ |
1681044328793767936 |