Abstract
Because attackers can easily create malware with dedicated malware generation tools, the amount of malware is increasing rapidly. However, this high volume makes it hard to analyze every sample. For this reason, many researchers have proposed malware classification methods that separate new types of malware from well-known ones, so that analysis can focus on the new malware. Existing methods mostly try to find good features to use as the criterion for calculating similarity between malware samples, in order to improve classification accuracy. These methods therefore extract features, including malicious behavior information, by performing static and dynamic analysis, but analyzing many malware samples itself takes too much time and effort. In this paper, we propose a malware classification method for finding new types in large-scale malware collections using generic malware information. The proposed method can be used as a pre-step to help existing methods reduce the time spent on analyzing and classifying malware. It improves the classification accuracy for malware by using an imphash, and we proved that classification accuracy based on the imphash is more than 99 % while maintaining a low false positive rate.
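The following is an added illustration, not code from the paper: a sketch of imphash-based pre-filtering as the abstract describes it, assuming the commonly used imphash convention (MD5 over lowercased `library.function` pairs in import-table order, with the library extension dropped) and imports by name only. The sample import tables, the `family_a` label and the function names `imphash` and `triage` are constructed for the example.

```python
import hashlib
from collections import defaultdict

EXTS = (".dll", ".ocx", ".sys")  # extensions dropped from library names

def imphash(imports):
    """MD5 over 'lib.func' pairs, lowercased, kept in import-table order.
    Returns None when there are no named imports to hash."""
    parts = []
    for lib, func in imports:
        lib = lib.lower()
        for ext in EXTS:
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.append(f"{lib}.{func.lower()}")
    if not parts:
        return None
    return hashlib.md5(",".join(parts).encode()).hexdigest()

def triage(samples, known):
    """Split samples into already-known families, clusters of unseen
    imphashes (candidates for new types), and samples with no imports."""
    labelled, clusters, skipped = {}, defaultdict(list), []
    for name, imports in samples.items():
        h = imphash(imports)
        if h is None:
            skipped.append(name)      # e.g. packed file with an empty import table
        elif h in known:
            labelled[name] = known[h]
        else:
            clusters[h].append(name)
    return labelled, dict(clusters), skipped

# Constructed import tables (not taken from real samples).
FAMILY_A = [("KERNEL32.dll", "CreateFileA"), ("KERNEL32.dll", "WriteFile"),
            ("WS2_32.dll", "connect")]
OTHER = [("ADVAPI32.dll", "RegSetValueExA"), ("KERNEL32.dll", "CreateProcessA")]
SAMPLES = {
    "a1": FAMILY_A,
    "a2": [(lib.upper(), fn) for lib, fn in FAMILY_A],  # same imports, different case
    "b1": OTHER,
    "b2": list(OTHER),
    "c1": [],
}
KNOWN = {imphash(FAMILY_A): "family_a"}  # hypothetical known-family index

if __name__ == "__main__":
    print(triage(SAMPLES, KNOWN))
```

Only the unseen clusters and the skipped samples would need to go on to the slower static and dynamic analysis.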
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Choi, J., Kim, H., Choi, J., Song, J. (2015). A Malware Classification Method Based on Generic Malware Information. In: Arik, S., Huang, T., Lai, W., Liu, Q. (eds) Neural Information Processing. ICONIP 2015. Lecture Notes in Computer Science, vol 9490. Springer, Cham. https://doi.org/10.1007/978-3-319-26535-3_38
DOI: https://doi.org/10.1007/978-3-319-26535-3_38
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26534-6
Online ISBN: 978-3-319-26535-3
eBook Packages: Computer Science (R0)