Mal-netminer: Malware classification based on social network analysis of call graph

Jae Wook Jang, Jiyoung Woo, Jaesung Yun, Huy Kang Kim

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    14 Citations (Scopus)

    Abstract

    In this work, we aim to classify malware using automatic classifiers by employing graph metrics commonly used in social network analysis. First, we make a malicious system call dictionary that consists of system calls found in malware. To analyze the general structural information of malware and measure the influence of system calls found in malware, we adopt social network analysis. Thus, we use social network metrics such as the degree distribution, degree centrality, and average distance, which are implicitly equivalent to distinct behavioral characteristics. Our experiments demonstrate that the proposed system performs well in classifying malware families within each malware class with accuracy greater than 98%. By exploiting the social network properties of system calls found in malware, our proposed method can not only classify the malware with fewer features than previous methods adopting graph features but also enables us to build a quick and simple detection system against malware.

    Original language: English
    Title of host publication: WWW 2014 Companion - Proceedings of the 23rd International Conference on World Wide Web
    Publisher: Association for Computing Machinery, Inc
    Pages: 731-734
    Number of pages: 4
    ISBN (Electronic): 9781450327459
    Publication status: Published - 2014 Apr 7
    Event: 23rd International Conference on World Wide Web, WWW 2014 - Seoul, Korea, Republic of
    Duration: 2014 Apr 7 to 2014 Apr 11

    Other

    Other: 23rd International Conference on World Wide Web, WWW 2014
    Country/Territory: Korea, Republic of
    City: Seoul
    Period: 14/4/7 to 14/4/11

    Keywords

    • Degree distribution
    • Dynamic analysis
    • Malware
    • Social network analysis (SNA)
    • System call graph

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Software
