Scalable malware clustering through coarse-grained behavior modeling
Anti-malware vendors receive several thousand new malware (malicious software) variants per day. Due to large volume of malware samples, it has become extremely important to group them based on their malicious characteristics. Grouping of malware variants that exhibit similar behavior helps to gener...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2012
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/4782 https://ink.library.smu.edu.sg/context/sis_research/article/5785/viewcontent/Scalable_Malware_Clustering_through_Coarse_FSE12.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-5785 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-57852020-01-16T10:18:25Z Scalable malware clustering through coarse-grained behavior modeling CHANDRAMOHAN, Mahinthan TAN, Hee Beng Kuan SHAR, Lwin Khin Anti-malware vendors receive several thousand new malware (malicious software) variants per day. Due to large volume of malware samples, it has become extremely important to group them based on their malicious characteristics. Grouping of malware variants that exhibit similar behavior helps to generate malware signatures more efficiently. Unfortunately, exponential growth of new malware variants and huge-dimensional feature space, as used in existing approaches, make the clustering task very challenging and difficult to scale. Furthermore, malware behavior modeling techniques proposed in the literature do not scale well, where malware feature space grows in proportion with the number of samples under examination. In this paper, we propose a scalable malware behavior modeling technique that models the interactions between malware and sensitive system resources in a coarse-grained manner. Coarsegrained behavior modeling enables us to generate malware feature space that does not grow in proportion with the number of samples under examination. A preliminary study shows that our approach generates 289 times less malware features and yet improves the average clustering accuracy by 6.20% in comparison to a state-of-the-art malware clustering technique. 2012-11-11T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4782 info:doi/10.1145/2393596.2393627 https://ink.library.smu.edu.sg/context/sis_research/article/5785/viewcontent/Scalable_Malware_Clustering_through_Coarse_FSE12.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Malware clustering Coarse-grained behavior modeling Information Security Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Malware clustering Coarse-grained behavior modeling Information Security Software Engineering |
| spellingShingle |
Malware clustering Coarse-grained behavior modeling Information Security Software Engineering CHANDRAMOHAN, Mahinthan TAN, Hee Beng Kuan SHAR, Lwin Khin Scalable malware clustering through coarse-grained behavior modeling |
| description |
Anti-malware vendors receive several thousand new malware (malicious software) variants per day. Due to large volume of malware samples, it has become extremely important to group them based on their malicious characteristics. Grouping of malware variants that exhibit similar behavior helps to generate malware signatures more efficiently. Unfortunately, exponential growth of new malware variants and huge-dimensional feature space, as used in existing approaches, make the clustering task very challenging and difficult to scale. Furthermore, malware behavior modeling techniques proposed in the literature do not scale well, where malware feature space grows in proportion with the number of samples under examination. In this paper, we propose a scalable malware behavior modeling technique that models the interactions between malware and sensitive system resources in a coarse-grained manner. Coarsegrained behavior modeling enables us to generate malware feature space that does not grow in proportion with the number of samples under examination. A preliminary study shows that our approach generates 289 times less malware features and yet improves the average clustering accuracy by 6.20% in comparison to a state-of-the-art malware clustering technique. |
| format |
text |
| author |
CHANDRAMOHAN, Mahinthan TAN, Hee Beng Kuan SHAR, Lwin Khin |
| author_facet |
CHANDRAMOHAN, Mahinthan TAN, Hee Beng Kuan SHAR, Lwin Khin |
| author_sort |
CHANDRAMOHAN, Mahinthan |
| title |
Scalable malware clustering through coarse-grained behavior modeling |
| title_short |
Scalable malware clustering through coarse-grained behavior modeling |
| title_full |
Scalable malware clustering through coarse-grained behavior modeling |
| title_fullStr |
Scalable malware clustering through coarse-grained behavior modeling |
| title_full_unstemmed |
Scalable malware clustering through coarse-grained behavior modeling |
| title_sort |
scalable malware clustering through coarse-grained behavior modeling |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2012 |
| url |
https://ink.library.smu.edu.sg/sis_research/4782 https://ink.library.smu.edu.sg/context/sis_research/article/5785/viewcontent/Scalable_Malware_Clustering_through_Coarse_FSE12.pdf |
| _version_ |
1770575029532098560 |