Abstract
In this work, we aim to classify malware using automatic classifiers by employing graph metrics commonly used in social network analysis. First, we build a malicious system call dictionary that consists of system calls found in malware. To analyze the general structural information of malware and measure the influence of system calls found in malware, we adopt social network analysis. Thus, we use social network metrics such as the degree distribution, degree centrality, and average distance, which are implicitly equivalent to distinct behavioral characteristics. Our experiments demonstrate that the proposed system performs well in classifying malware families within each malware class, with accuracy greater than 98%. By exploiting the social network properties of system calls found in malware, our proposed method not only classifies malware with fewer features than previous methods adopting graph features but also enables us to build a quick and simple detection system against malware.
Original language | English |
---|---|
Title of host publication | WWW 2014 Companion - Proceedings of the 23rd International Conference on World Wide Web |
Publisher | Association for Computing Machinery, Inc |
Pages | 731-734 |
Number of pages | 4 |
ISBN (Electronic) | 9781450327459 |
Publication status | Published - 2014 Apr 7 |
Event | 23rd International Conference on World Wide Web, WWW 2014 - Seoul, Korea, Republic of; Duration: 2014 Apr 7 → 2014 Apr 11 |
Other
Other | 23rd International Conference on World Wide Web, WWW 2014 |
---|---|
Country/Territory | Korea, Republic of |
City | Seoul |
Period | 14/4/7 → 14/4/11 |
Keywords
- Degree distribution
- Dynamic analysis
- Malware
- Social network analysis (SNA)
- System call graph
ASJC Scopus subject areas
- Computer Networks and Communications
- Software