Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
11-2012
Abstract
Anti-malware vendors receive several thousand new malware (malicious software) variants per day. Due to the large volume of malware samples, it has become extremely important to group them based on their malicious characteristics. Grouping of malware variants that exhibit similar behavior helps to generate malware signatures more efficiently. Unfortunately, exponential growth of new malware variants and the huge-dimensional feature space used in existing approaches make the clustering task very challenging and difficult to scale. Furthermore, malware behavior modeling techniques proposed in the literature do not scale well, where malware feature space grows in proportion with the number of samples under examination. In this paper, we propose a scalable malware behavior modeling technique that models the interactions between malware and sensitive system resources in a coarse-grained manner. Coarse-grained behavior modeling enables us to generate a malware feature space that does not grow in proportion with the number of samples under examination. A preliminary study shows that our approach generates 289 times fewer malware features and yet improves the average clustering accuracy by 6.20% in comparison to a state-of-the-art malware clustering technique.
Keywords
Malware clustering, Coarse-grained behavior modeling
Discipline
Information Security | Software Engineering
Research Areas
Cybersecurity
Publication
Proceedings of the 20th ACM SIGSOFT Symposium on the Foundations of Software Engineering, Cary, USA, 2012 November 11-16
First Page
1
Last Page
4
ISBN
9781450316149
Identifier
10.1145/2393596.2393627
City or Country
USA
Citation
CHANDRAMOHAN, Mahinthan; TAN, Hee Beng Kuan; and SHAR, Lwin Khin.
Scalable malware clustering through coarse-grained behavior modeling. (2012). Proceedings of the 20th ACM SIGSOFT Symposium on the Foundations of Software Engineering, Cary, USA, 2012 November 11-16. 1-4.
Available at: https://ink.library.smu.edu.sg/sis_research/4782
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/2393596.2393627