DocumentCode :
591074
Title :
Toward extracting malware features for classification using static and dynamic analysis
Author :
Young Han Choi ; Byoung Jin Han ; Byung Chul Bae ; Hyung Geun Oh ; Ki Wook Sohn
Author_Institution :
Attached Inst. of ETRI, Daejeon, South Korea
fYear :
2012
fDate :
27-29 Aug. 2012
Firstpage :
126
Lastpage :
129
Abstract :
Because there are a great many malware samples, they must be classified into malware families before being analyzed manually; otherwise they cannot be analyzed and handled in real time. By classifying them, we can concentrate intensive analysis on only a few unknown samples. In this paper, we propose a framework for malware classification using static and dynamic analysis. We focus on techniques that extract malware features. We name the framework GATTACA (Genome-based ATTACk geneAlogy), after the movie that deals with the human genome. We define the features of malware as Mal-DNA (Malware DNA). Mal-DNA includes static, hybrid and dynamic characteristics. In short, GATTACA is a framework for extracting Mal-DNA from malware and classifying it. GATTACA consists of three components: (1) START (STatic Analyzer using vaRious Techniques) extracts the static Mal-DNA of malware; (2) DeBON (Debugging-based Behavior mOnitor and aNalyzer) extracts its hybrid and dynamic Mal-DNA; (3) CLAM (CLassifier using Mal-DNA) classifies malware based on Mal-DNA using machine learning. START and DeBON extract Mal-DNA, and CLAM classifies malware based on it. In this paper, we concentrate on START and DeBON, which extract Mal-DNA from malware.
Keywords :
invasive software; learning (artificial intelligence); pattern classification; program debugging; program diagnostics; CLAM component; DeBON component; GATTACA framework; START component; classifier using mal-DNA; debugging-based behavior monitor and analyzer; dynamic analysis; genome-based attack genealogy; machine learning; malware DNA; malware analysis; malware classification; malware feature extraction; static analysis; static analyzer using various techniques; Bioinformatics; DNA; Feature extraction; Genomics; Kernel; Malware; Monitoring; Feature Extraction; Malware Classification;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computing and Networking Technology (ICCNT), 2012 8th International Conference on
Conference_Location :
Gyeongju
Print_ISBN :
978-1-4673-1326-1
Type :
conf
Filename :
6418637