Malicious Executables Classification Based on Behavioral Factor Analysis

Malware is an increasingly important problem that threatens the security of computer systems. The new concept of cloud security require rapid and automated detection and classification of malicious software. In this paper,we propose a behavior-based automated classification method. Depends on behavioral analysis we characterize malware behavioral profile in a trace report. This report contains the status change caused by the executable and event which are transfered from corresponding Win32 API calls and their certain parameters, we extract behaviour unit strings as features which reflect different malware families behavioral patterns. These features vector space servered as input to the SVM. We use string similarity and information gain to reduce the dimension of feature space. Comparative experiments with a real world data set of malicious executables shows that our proposed method can classify malware into different malware families with higher accuracy and efficiency.