Malware classification method via binary content comparison

Authors:
Boojoong Kang;Taekeun Kim;Heejun Kwon;Yangseo Choi;Eul Gyu Im
Affiliations:
Hanyang University, Seoul, Korea;Hanyang University, Seoul, Korea;Hanyang University, Seoul, Korea;ETRI, Daejeon, Korea;Hanyang University, Seoul, Korea
Venue:
Proceedings of the 2012 ACM Research in Applied Computation Symposium
Year:
2012

Citing 8
Cited 2

Detecting Obfuscated Viruses Using Cosine Similarity Analysis

AMS '07 Proceedings of the First Asia International Conference on Modelling & Simulation
Opcodes as predictor for malware

International Journal of Electronic Security and Digital Forensics
Automatic malware categorization using cluster ensemble

Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining
SplitScreen: enabling efficient, distributed malware detection

NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
BitShred: feature hashing malware for scalable triage and semantic analysis

Proceedings of the 18th ACM conference on Computer and communications security
FORECAST: skimming off the malware cream

Proceedings of the 27th Annual Computer Security Applications Conference
Malware classification using instruction frequencies

Proceedings of the 2011 ACM Symposium on Research in Applied Computation
Idea: opcode-sequence-based malware detection

ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems

Malware analysis method using visualization of binary files

Proceedings of the 2013 Research in Adaptive and Convergent Systems
Function matching-based binary-level software similarity calculation

Proceedings of the 2013 Research in Adaptive and Convergent Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

With the wide spread uses of the Internet, the number of Internet attacks keeps increasing, and malware is the main cause of most Internet attacks. Malware is used by attackers to infect normal users' computers and to acquire private information as well as to attack other machines. The number of new malware and variants of malware is increasing every year because the automated tools allow attackers to generate the new malware or their variants easily. Therefore, performance improvement of the malware analysis is critical to prevent malware from spreading rapidly and to mitigate damages to users. In this paper, we proposed a new malware classification method by analyzing similarities of malware. Our method analyzes a small part of malware to reduce analysis overheads, and experimental results showed that our approach can effectively classify malware families.