Incremental clustering method based on Gaussian mixture model to identify malware family

Jianwei HU; Xin CHE; Man ZHOU; Yanpeng CUI

Tongxin xuebao (Jun 2019)

Incremental clustering method based on Gaussian mixture model to identify malware family

Jianwei HU,
Xin CHE,
Man ZHOU,
Yanpeng CUI

Affiliations

Jianwei HU
Xin CHE
Man ZHOU
Yanpeng CUI

Journal volume & issue: Vol. 40
pp. 148 – 159

Abstract

Read online

Aiming at the logical similarity of the behavioral characteristics of malware belonging to the same family,the characteristics of malware were extracted by tracking the logic rules of API function call from the perspective of behavior detection,and the static analysis and dynamic analysis methods were combined to analyze malicious behavior characteristics.In addition,according to the purpose,inheritance and diversity of the malware family,the transitive closure relationship of the malware family was constructed,and then the incremental clustering method based on Gaussian mixture model was improved to identify the malware family.Experiments show that the proposed method can not only save the storage space of malware detection,but also significantly improve the detection accuracy and recognition efficiency.

malware family;Gaussian mixture model;incremental clustering;API function call;logic rule

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords