DocumentCode :
2104783
Title :
On Malicious Software Classification
Author :
Jianhui Lin
Author_Institution :
Dept. of Inf. Technol., Hubei Univ. of Police, Wuhan
fYear :
2008
fDate :
21-22 Dec. 2008
Firstpage :
368
Lastpage :
371
Abstract :
In recent years, the number of malware families/variants has exploded dramatically. Automatic malware classification is becoming an important research area. In this paper, we propose a behavior-based automated classification method based on distance measure and machine learning. We represent a file by its runtime behavior in the form of sequenced events, then structure the event information in a canonical format and store it in a database. After the machine learning classifier is constructed, the similarities and patterns learned by the classifiers are applied to classify new objects.
Keywords :
invasive software; learning (artificial intelligence); pattern classification; automatic malware classification; behavior-based automated classification method; distance measure; machine learning classifier; malicious software classification; malware family; runtime behavior; sequenced events; Databases; Machine learning; Runtime; classification; event; malicious ware;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligent Information Technology Application Workshops, 2008. IITAW '08. International Symposium on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3505-0
Type :
conf
DOI :
10.1109/IITA.Workshops.2008.106
Filename :
4731954