Mal-netminer: Malware classification based on social network analysis of call graph

Jae Wook Jang, Jiyoung Woo, Jaesung Yun, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

11 Citations (Scopus)

Abstract

In this work, we aim to classify malware using automatic classifiers by employing graph metrics commonly used in social network analysis. First, we make a malicious system call dictionary that consists of system calls found in malware. To analyze the general structural information of malware and measure the influence of system calls found in malware, we adopt social network analysis. Thus, we use social network metrics such as the degree distribution, degree centrality, and average distance, which are implicitly equivalent to distinct behavioral characteristics. Our experiments demonstrate that the proposed system performs well in classifying malware families within each malware class with accuracy greater than 98%. As exploiting the social network properties of system calls found in malware, our proposed method can not only classify the malware with fewer features than previous methods adopting graph features but also enables us to build a quick and simple detection system against malware.

Original language: English
Title of host publication: WWW 2014 Companion - Proceedings of the 23rd International Conference on World Wide Web
Publisher: Association for Computing Machinery, Inc
Pages: 731-734
Number of pages: 4
ISBN (Electronic): 9781450327459
DOIs: https://doi.org/10.1145/2567948.2579364
Publication status: Published - 2014 Apr 7
Event: 23rd International Conference on World Wide Web, WWW 2014 - Seoul, Korea, Republic of
Duration: 2014 Apr 7 to 2014 Apr 11

Other

Other: 23rd International Conference on World Wide Web, WWW 2014
Country: Korea, Republic of
City: Seoul
Period: 14/4/7 to 14/4/11

Keywords

  • Degree distribution
  • Dynamic analysis
  • Malware
  • Social network analysis (SNA)
  • System call graph

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software

  • Cite this

    Jang, J. W., Woo, J., Yun, J., & Kim, H. K. (2014). Mal-netminer: Malware classification based on social network analysis of call graph. In WWW 2014 Companion - Proceedings of the 23rd International Conference on World Wide Web (pp. 731-734). Association for Computing Machinery, Inc. https://doi.org/10.1145/2567948.2579364