A comparative study of malware family classification

Authors:
Rafiqul Islam;Irfan Altas
Affiliations:
School of Computing and Mathematics, Charles Sturt University, NSW, Australia;School of Computing and Mathematics, Charles Sturt University, NSW, Australia
Venue:
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Year:
2012

Citing 19
Cited 0

Data Mining Methods for Detection of New Malicious Executables

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
N-Gram-Based Detection of New Malicious Code

COMPSAC '04 Proceedings of the 28th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts - Volume 02
Static Analyzer of Vicious Executables (SAVE)

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
IMDS: intelligent malware detection system

Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining
Opcodes as predictor for malware

International Journal of Electronic Security and Digital Forensics
On Malicious Software Classification

IITAW '08 Proceedings of the 2008 International Symposium on Intelligent Information Technology Application Workshops
Improving malware detection by applying multi-inducer ensemble

Computational Statistics & Data Analysis
vEye: behavioral footprinting for self-propagating worm detection and profiling

Knowledge and Information Systems
Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey

Information Security Tech. Report
Using API Sequence and Bayes Algorithm to Detect Suspicious Behavior

ICCSN '09 Proceedings of the 2009 International Conference on Communication Software and Networks
Using spatio-temporal information in API calls with machine learning algorithms for malware detection

Proceedings of the 2nd ACM workshop on Security and artificial intelligence
Data mining methods for malware detection using instruction sequences

AIA '08 Proceedings of the 26th IASTED International Conference on Artificial Intelligence and Applications
Malicious Executables Classification Based on Behavioral Factor Analysis

IC4E '10 Proceedings of the 2010 International Conference on e-Education, e-Business, e-Management and e-Learning
RBACS: Rootkit Behavioral Analysis and Classification System

WKDD '10 Proceedings of the 2010 Third International Conference on Knowledge Discovery and Data Mining
Automated classification and analysis of internet malware

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Automatic malware categorization using cluster ensemble

Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining
Fast malware classification by automated behavioral graph matching

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Effective and efficient malware detection at the end host

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Evaluation of malware clustering based on its dynamic behaviour

AusDM '08 Proceedings of the 7th Australasian Data Mining Conference - Volume 87

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present a comparative study of conventional malware family classification techniques and identifiy their limitations. In our study, we investigate three different feature set, function length frequency and printable string information as static features and Application Programming Interface (API) calls and API parameters as dynamic features. In our classification process, we used some of well-known machine-learning algorithms by invoking WEKA libraries. We made a comparative analysis and conclude that the independent features are not good enough to defence against current as well as future malware.