Automatic malware mutant detection and group classification based on the n-gram and clustering coefficient

Bibliographic details
Published in: The Journal of supercomputing 2018-08, Vol.74 (8), p.3489-3503
Main authors: Lee, Taejin; Choi, Bomin; Shin, Youngsang; Kwak, Jin
Format: Article
Language: eng
Online access: Full text
Description
Summary: The majority of recent cyber incidents have been caused by malware. According to a report by Symantec, an average of one million malicious codes is found daily. Automated static and dynamic analysis technologies are generally applied to cope with this, but most of the new malicious codes are the mutants of existing malware. In this paper, we present technology that automatically detects the n-gram and clustering coefficient-based malware mutants and that automatically groups the different types of malware. We verified our system by applying more than 2600 malicious codes. Our proposed technology does more than just respond to malware as it can also provide the ground for the effective analysis of new malware, the trend analysis of a malware group, the automatic identification of specific malware, and the analysis of the estimated trend of an attacker.
ISSN: 0920-8542, 1573-0484
DOI: 10.1007/s11227-015-1594-6