A decision-theoretic generalization of on-line learning and an application to boosting
EuroCOLT '95 Proceedings of the Second European Conference on Computational Learning Theory
Data Mining Methods for Detection of New Malicious Executables
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Learning to Detect and Classify Malicious Executables in the Wild
The Journal of Machine Learning Research
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Large-scale malware indexing using function-call graphs
Proceedings of the 16th ACM conference on Computer and communications security
PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Automated classification and analysis of internet malware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Automatic analysis of malware behavior using machine learning
Journal of Computer Security
Proceedings of the 4th ACM workshop on Security and artificial intelligence
BitShred: feature hashing malware for scalable triage and semantic analysis
Proceedings of the 18th ACM conference on Computer and communications security
Graph-based malware detection using dynamic analysis
Journal in Computer Virology
Malware classification based on call graph clustering
Journal in Computer Virology
Polymorphic worm detection using structural information of executables
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Improving malware classification: bridging the static/dynamic gap
Proceedings of the 5th ACM workshop on Security and artificial intelligence
Hi-index | 0.00 |
The voluminous malware variants that appear in the Internet have posed severe threats to its security. In this work, we explore techniques that can automatically classify malware variants into their corresponding families. We present a generic framework that extracts structural information from malware programs as attributed function call graphs, in which rich malware features are encoded as attributes at the function level. Our framework further learns discriminant malware distance metrics that evaluate the similarity between the attributed function call graphs of two malware programs. To combine various types of malware attributes, our method adaptively learns the confidence level associated with the classification capability of each attribute type and then adopts an ensemble of classifiers for automated malware classification. We evaluate our approach with a number of Windows-based malware instances belonging to 11 families, and experimental results show that our automated malware classification method is able to achieve high classification accuracy.