Malware classification based on call graph clustering
作者: Joris Kinable , Orestis Kostakis
DOI: 10.1007/S11416-011-0151-Y
关键词:
摘要: Each day, anti-virus companies receive tens of thousands samples potentially harmful executables. Many the malicious are variations previously encountered malware, created by their authors to evade pattern-based detection. Dealing with these large amounts data requires robust, automatic detection approaches. This paper studies malware classification based on call graph clustering. By representing as graphs, it is possible abstract certain away, enabling structural similarities between samples. The ability cluster similar together will make more generic techniques possible, thereby targeting commonalities within a cluster. To compare graphs mutually, we compute pairwise similarity scores via matchings which approximately minimize edit distance. Next, facilitate discovery samples, employ several clustering algorithms, including k-medoids and Density-Based Spatial Clustering Applications Noise (DBSCAN). experiments conducted collection real results evaluated against manual classifications provided human analysts. Experiments show that indeed accurately detect families We anticipate in future, can be used analyse emergence new families, ultimately automate implementation schemes.
springer.com
arxiv.org
harvard.edu
tue.nl
acm.org 
core.ac.uk 参考文章(41)
S. Bradde, Riccardo Zecchina, F. Tria, Martin Weigt, H. Mahmoudi, Alfredo Braunstein, Aligning graphs and finding substructures by message passing ,(2009)
Nobuo Funabiki, Junji Kitamichi, A Two-Stage Discrete Optimization Method for Largest Common Subgraph Problems IEICE Transactions on Information and Systems. ,vol. 82, pp. 1145- 1153 ,(1999)
Thomas Dullien, Graph-based comparison of Executable Objects ,(2005)
Joris Kinable, Malware Detection Through Call Graphs 64. ,(2010)
Douglas Brent West, Introduction to Graph Theory ,(1995)
Kaspar Riesen, Michel Neuhaus, Horst Bunke, Bipartite graph matching for computing the edit distance of graphs GbRPR'07 Proceedings of the 6th IAPR-TC-15 international conference on Graph-based representations in pattern recognition. pp. 1- 12 ,(2007) , 10.1007/978-3-540-72903-7_1
Xinbo Gao, Bing Xiao, Dacheng Tao, Xuelong Li, Image categorization: Graph edit distance+edge direction histogram Pattern Recognition. ,vol. 41, pp. 3179- 3191 ,(2008) , 10.1016/J.PATCOG.2008.03.025
Hinrich Schütze, Christopher D. Manning, Prabhakar Raghavan, Introduction to Information Retrieval ,(2005)
Ismael Briones, Aitor Gomez, Gran Vía, GRAPHS, ENTROPY AND GRID COMPUTING: AUTOMATIC COMPARISON OF MALWARE ,(2008)
Vipin Kumar, Pang-Ning Tan, Michael M. Steinbach, Introduction to Data Mining ,(2013)