2013 DiscriminantMalwareDistanceLear

• (Kong & Yan, 2013) ⇒ Deguang Kong, and Guanhua Yan. (2013). “Discriminant Malware Distance Learning on Structural Information for Automated Malware Classification.” In: Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ISBN:978-1-4503-2174-7 doi:10.1145/2487575.2488219

Subject Headings:

Notes

Cited By

• http://scholar.google.com/scholar?q=%222013%22+Discriminant+Malware+Distance+Learning+on+Structural+Information+for+Automated+Malware+Classification
• http://dl.acm.org/citation.cfm?id=2487575.2488219&preflayout=flat#citedby

Quotes

Author Keywords

• Attribution; distance learning; function call graph; graph matching; malware; metric learning; optimization; security and protection; structure

Abstract

The voluminous malware variants that appear in the Internet have posed severe threats to its security. In this work, we explore techniques that can automatically classify malware variants into their corresponding families. We present a generic framework that extracts structural information from malware programs as attributed function call graphs, in which rich malware features are encoded as attributes at the function level. Our framework further learns discriminant malware distance metrics that evaluate the similarity between the attributed function call graphs of two malware programs. To combine various types of malware attributes, our method adaptively learns the confidence level associated with the classification capability of each attribute type and then adopts an ensemble of classifiers for automated malware classification. We evaluate our approach with a number of Windows-based malware instances belonging to 11 families, and experimental results show that our automated malware classification method is able to achieve high classification accuracy.

References

;