Classification of polymorphic and metamorphic malware samples based on their behavior

Authors:
Ksenia Tsyganok;Evgeny Tumoyan;Liudmila Babenko;Maxim Anikeev
Affiliations:
South. Fed. Univ., Taganrog, Russia;South. Fed. Univ., Taganrog, Russia;South. Fed. Univ., Taganrog, Russia;South. Fed. Univ., Taganrog, Russia
Venue:
Proceedings of the Fifth International Conference on Security of Information and Networks
Year:
2012

Citing 7
Cited 0

Introduction to algorithms

Introduction to algorithms
Pattern Recognition with Fuzzy Objective Function Algorithms

Pattern Recognition with Fuzzy Objective Function Algorithms
Detection of injected, dynamically generated, and obfuscated malicious code

Proceedings of the 2003 ACM workshop on Rapid malcode
Mining specifications of malicious behavior

ISEC '08 Proceedings of the 1st India software engineering conference
Signature Generation and Detection of Malware Families

ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
MEDUSA: MEtamorphic malware dynamic analysis usingsignature from API

Proceedings of the 3rd international conference on Security of information and networks
API monitoring system for defeating worms and exploits in MS-Windows system

ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

This work proposes a new method of malware classification based on behavior features. We developed a proximity measure for programs, which takes into account WinAPI calls, their arguments, and files handled by these programs. Cluster analysis is used for grouping. The method was tested with actual malware samples.