Online analytical model of massive malware based on feature clusting

Xiao-lin XU; Xiao-chun YUN; Yong-lin ZHOU; Xue-bin KANG

Tongxin xuebao (Aug 2013)

Online analytical model of massive malware based on feature clusting

Xiao-lin XU,
Xiao-chun YUN,
Yong-lin ZHOU,
Xue-bin KANG

Affiliations

Xiao-lin XU
Xiao-chun YUN
Yong-lin ZHOU
Xue-bin KANG

Journal volume & issue: Vol. 34
pp. 146 – 153

Abstract

Read online

In order to improve the effectiveness and efficiency of mass malicious code analysis,an online analytical model was proposed including feature space construction,automatic feature extraction and fast clustering.Our research focused on the law of malware behavior and code string distribution by dynamic and static techniques.In this model,a sample was described with its API and key code fragment.This model proposed a fast clustering approach to identify group samples that exhibit similar feature when applied this model to real-world malware collections.The result demonstrates that the proposed model is able to extract feature automatically,support streaming data clustering on large-scale,and achieve better precision.

malware;on-line analytical;fast clustering;feature extraction

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords