Title :
Using closed frequent sets to cluster malwares
Author :
Sprague, Alan ; Rhodes, Adam ; Warner, Gary
Author_Institution :
Dept. of Comput. & Inf. Sci., Univ. of Alabama at Birmingham, Birmingham, AL, USA
Date :
Oct. 30 2013-Nov. 1 2013
Abstract :
The static analysis of malwares at UAB starts with the receipt of about 5000 malwares each day. One of our goals is to cluster these malwares into families. Each malware is an executable. For processing, we represent each malware by the set of printable strings that it contains. A method we have pursued to cluster malwares into families starts with the data mining technique of generating frequent itemsets. It is difficult to generate frequent itemsets at low support thresholds, which is what our application demands. This paper discusses our successful efforts to overcome this barrier of low support threshold.
Keywords :
data mining; invasive software; pattern clustering; program diagnostics; UAB; closed frequent sets; data mining technique; frequent itemset generation; malware clustering; printable strings; static analysis; Clustering algorithms; Data mining; Educational institutions; Electronic mail; Itemsets; Malware
Conference_Title :
Information, Communication and Automation Technologies (ICAT), 2013 XXIV International Symposium on
Conference_Location :
Sarajevo
DOI :
10.1109/ICAT.2013.6684043