On challenges in evaluating malware clustering

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6307 LNCS, Issue , 2010, Pages 238-255

  Li, Peng ^a   Liu, Limin ^b   Gao, Debin ^c   Reiter, Michael K ^a  

^a CB 3175 Sitterson Hall   (United States)

^b GRADUATE SCHOOL   (China)

^c SINGAPORE MANAGEMENT UNIVERSITY   (Singapore)

Author keywords

malware clustering and classification; plagiarism detection

Indexed keywords

INTELLECTUAL PROPERTY; INTRUSION DETECTION; MALWARE; STATISTICAL TESTS;

CLUSTER-SIZE DISTRIBUTION; CLUSTERING RESULTS; DIFFERENT DOMAINS; FULLY AUTOMATED; GROUND TRUTH DATA; HIGHLY ACCURATE; MALWARE ANALYSIS; PLAGIARISM DETECTION;

CLUSTERING ALGORITHMS;

EID: 78249253017     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-15512-3_13     Document Type: Conference Paper

References (26)

1. Threatexpert3, http://www.threatexpert.com/
2. Norman sandbox center (2008), http://www.norman.com/security-center/ security-tools/en
3. VX Heavens (2010), http://vx.netlux.org/
4. Aiken, A.: Moss: a system for detecting software plagiarism, http://theory.stanford.edu/~aiken/moss/
5. Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated classification and analysis of internet malware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 178-197. Springer, Heidelberg (2007)
6. Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: Proceedings of the Network and Distributed System Security Symposium (2009)
7. Bayer, U., Kruegel, C., Kirda, E.: Ttanalyze: A tool for analyzing malware. In: 15th European Institute for Computer Antivirus Research (EICAR 2006) Annual Conference (2006)
8. Commtouch, Inc. Malware outbreak trend report: Bagle/beagle (March 2007), http://www.commtouch.com/documents/Bagle-Worm-MOTR.pdf
9. Gheorghescu, M.: An automated virus classification system. In: Proceedings of the Virus Bulletin Conference, VB (1994)
10. Ha, K.: Keylogger.stawin, http://www.symantec.com/security-response/ writeup.jsp?docid=2004-012915-2315-99
11. Hu, X., Chiueh, T., Shin, K.G.: Large-scale malware indexing using function-call graphs. In: Proceedings of 16th ACM Conference on Computer and Communications Security (2009)
12. Kamiya, T., Kusumoto, S., Inoue, K.: Ccfinder: A multi-linguistic token-based code clone detection system for large scale source code. IEEE Trans. on Software Engineering, 654-670 (2002)
13. Lee, T., Mody, J.J.: Behavioral classification. In: 15th European Institute for Computer Antivirus Research (EICAR 2006) Annual Conference (2006)
14. McAfee. W97m/opey.c, http://vil.nai.com/vil/content/v-10290.htm
15. Perdisci, R., Lee, W., Feamster, N.: Behavioral clustering of http-based malware and signature generation using malicious network traces. In: USENIX Symposium on Networked Systems Design and Implementation, NSDI 2010 (2010)
16. Rieck, K., Holz, T., Willems, C., Dussel, P., Laskov, P.: Learning and classification of malware behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 108-125. Springer, Heidelberg (2008)
17. Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. Technical Report 18-2009, Berlin Institute of Technology (2009)
18. Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: Bitblaze: A new approach to computer security via binary analysis. In: Proceedings of the 4th International Conference on Information Systems Security (December 2008)
19. Symantec. Spyware.e2give, http://www.symantec.com/security-response/ writeup.jsp?docid=2004-102614-1006-99
20. Symantec. Xeram.1664, http://www.symantec.com/security response/ writeup.jsp?docid=2000-121913-2839-99
21. Tamada, H., Okamoto, K., Nakamura, M., Monden, A., Matsumoto, K.: Dynamic software birthmarks to detect the theft of windows applications. In: International Symposium on Future Software Technology (2004)
22. Tan, P., Steinbach, M., Kumar, V.: Introduction to Data Mining. Addison-Wesley, Reading (2006)
23. Wang, X., Jhi, Y., Zhu, S., Liu, P.: Detecting software theft via system call based birthmarks. In: Proceedings of 25th Annual Computer Security Applications Conference (2009)
24. Whale, G.: Identification of program similarity in large populations. Computer Journal, Special Issue on Procedural Programming, 140-146 (1990)
25. Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using cwsandbox. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy (S&P 2007), pp. 32-39 (2007)
26. Wise, M.J.: Detection of similarities in student programs: Yaping may be preferable to plagueing. In: Proceedings of the 23rd SIGCSE Technical Symposium (1992)