DocumentCode :
2763996
Title :
Exploring network-based malware classification
Author :
Stakhanova, Natalia ; Couture, Mathieu ; Ghorbani, Ali A.
Author_Institution :
Sch. of CIS, Univ. of South Alabama, Mobile, AL, USA
fYear :
2011
fDate :
18-19 Oct. 2011
Firstpage :
14
Lastpage :
20
Abstract :
Over the last few years, dynamic and static malware analysis techniques have made significant progress. The majority of the existing analysis systems primarily focus on internal host activity. In spite of the importance of network activity, only a limited set of analysis tools have recently started taking it into account. In this work, we study the value of network activity for malware classification by various antivirus products. Specifically, we ask the following question: How well can we classify malware according to network activity? We monitor the execution of a malware sample in a controlled environment and summarize the obtained high-level network information in a graph. We then analyze graph similarity to determine whether such a high-level behavioral profile is sufficient to provide accurate classification of malware samples. The experimental study on a real-world malware collection demonstrates that our approach is able to group malware samples that behave similarly.
Keywords :
graph theory; invasive software; pattern classification; antivirus products; dynamic malware analysis; exploring network based malware classification; graph theory; malware collection; malware sample; malware samples; network activity; static malware analysis; Analysis of variance; Data mining; Electronic mail; Internet; Malware; Protocols; Software;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Malicious and Unwanted Software (MALWARE), 2011 6th International Conference on
Conference_Location :
Fajardo
Print_ISBN :
978-1-4673-0031-5
Type :
conf
DOI :
10.1109/MALWARE.2011.6112321
Filename :
6112321