An automated classification system based on the strings of trojan and virus families

2009 4th International Conference on Malicious and Unwanted Software, MALWARE 2009

Volumn , Issue , 2009, Pages 23-30

  Tian, Ronghua ^a   Batten, Lynn ^a   Islam, Rafiqul ^a   Versteeg, Steve ^b  

^a DEAKIN UNIVERSITY   (Australia)

^b CA Labs   (Australia)

Author keywords

Classification; Malware; Strings

Indexed keywords

ADABOOST; ANTI-MALWARE; AUTOMATED CLASSIFICATION SYSTEMS; CLASSIFICATION ACCURACY; CLASSIFICATION ALGORITHM; CLASSIFICATION TECHNIQUE; CROSS VALIDATION; LIBRARY CODES; MALICIOUS CODES; MALWARES; NEAREST NEIGHBOUR; RESEARCH ISSUES; STATISTICAL ALGORITHM; TREE-BASED; TROJANS;

ADAPTIVE BOOSTING; ALGORITHMS; COMPUTER SOFTWARE; SECURITY OF DATA; VIRUSES;

COMPUTER CRIME;

EID: 77950115244     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/MALWARE.2009.5403021     Document Type: Conference Paper

References (19)

1. M. Bailey, J. Oberheide, J. Andersen, Z.M. Mao, F. Jahanian, and J. Nazario, Automated classification and analysis of Internet malware. Springer-Verlag, LNCS4637, 178-197, 2007.
2. U. Bayer, C. Kruegel and E. Kirda : TTAnalyze: A tool for analyzing malware. In Proceedings of EICAR 2006, April 2006.
3. U. Bayer, A. Moser, C. Kruegel and E. Kirda: Dynamic analysis of malicious code. Journal in Computer Virology, vol 2, pp. 67-77, 2006.
4. E. Carrera. 4x5: Reverse engineering automation with python, 2007. https://www.blackhat.com/presentations/bh-usa-07/Carrera/Presentation/ bhusa-07-carrera.pdf. pp. 2632, Accessed on June 12, 2008.
5. N. Cristianini and J. Shawe-Taylor. An introduction to Support Vector Machines and other kernel-based learning methods. Cambridge University Press, 2000.
6. M. Christodorescu, S. Jha, and C. Kruegel. Mining specifications of malicious behavior. In Foundations of Software Engineering, pages 110, 2007.
7. R. Duda and P. Hart. Bayes Decision Theory, John Wiley, Chapter 2, pp. 10-43. 1973.
8. M. Gheorghescu, An automated virus classification system. In Virus Bulletin Conference October 2005, pp. 294300, 2005.
9. A. Kapoor and J. Spurlock. Binary feature extraction and comparison. In Presentation at AVAR 2006, Auckland, December 35, 2006.
10. A. Moser, C. Kruegel and E. Kirda : Exploring multiple execution paths for malware analysis. In Proceedings of 2007 IEEE Symposium on Security and Privacy, 2007.
11. S. Peisert, M. Bishop, S. Karin, and K. Marzullo. Analysis of computer intrusions using sequences of function calls. In IEEE Transactions on dependable and secure computing, vol 4, pp. 315, 2007.
12. K. Rieck, T. Holz, C. Willems, P. Dussel and P. Laskov. Learning and classification of malware behavior. Springer-Verlag, LNCS 5137, pp. 108-125, 2008.
13. S. Sathyanarayan, P. Kohli, and B. Bruhadeshwar. Signature generation and detection of malware families. In ACISP 2008. Springer LNCS, 2008.
14. Z. Shafiq, M. Tabish and M. Farooq. Are evolutionary rule learning algorithms appropriate for malware detection? In Proceedings of GECCO09, ACM. 2009.
15. P. Szor. The art of antivirus research. Wiley Publishers, 2005.
16. R. Tian, L.M. Batten and S.C. Versteeg, Function Length as a Tool for Malware Classification, Malware, 2008.
17. V.N. Vapnik, Statistical Learning Theory, John Wiley, New York, 1999.
18. M. Vrable, J. Ma, J. Chen, D. Moore, E. Vandekieft, A.C. Snoeren, G.M. Voelker and S.Savage. Scalability, fidelity, and containment in the potemkin virtual honeyfarm. SIGOPS Oper. Syst. Rev. 39(5), 148162, 2005.
19. C. Willems, T. Holz and F. Freiling : CWSandbox: Towards automated dynamic binary analysis. IEEE Security and Privacy, 5(2), 2007.