Malware Variants Identification in Practice (Conference Paper)

abstract

  • Malware is a persistent threat to computer systems, and analysis procedures are what allow countermeasures to be developed. However, as samples spread at growing rates, malware clustering techniques are required to keep analysis procedures scalable. Current clustering approaches use Call Graphs (CGs) to identify polymorphic samples, but they consider only individual function calls, thus failing to cluster malware variants created by replacing a sample's original functions with semantically equivalent ones. To solve this problem, we propose a behavior-based classification procedure that groups functions into classes, thus reducing analysis costs. We show that classifying samples according to their behaviors (via function call semantics) instead of by their raw API invocations is a more effective way to cluster malware variants. We also show that using a containment (continence) metric instead of a similarity metric helps identify malware variants when one sample is embedded in another.
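The two claims in the abstract (behavior classes beat raw API names for API-swapped variants; containment beats similarity for embedded samples) can be seen on a toy input. The following is an added illustration, not code from the paper: the API-to-behavior-class table, the four samples, and the greedy clustering are all constructed for this example, each sample is flattened to the set of API functions its call graph reaches (a simplification of the paper's CG input), and the paper's own class taxonomy and metric definitions are not reproduced.

```python
"""Added example: clustering constructed API call sets three ways.

Raw API Jaccard, behaviour-class Jaccard, and behaviour-class containment
are run over the same samples so the effect of each choice is visible.
"""
from typing import Callable, Dict, FrozenSet, List

# Constructed API -> behaviour-class table (assumption for this example;
# it is not the paper's taxonomy).
API_CLASS: Dict[str, str] = {
    "CreateFileA": "file_open", "CreateFileW": "file_open", "NtCreateFile": "file_open",
    "WriteFile": "file_write", "NtWriteFile": "file_write",
    "RegSetValueExA": "registry_write", "RegSetValueExW": "registry_write",
    "InternetOpenA": "network_init", "WinHttpOpen": "network_init",
    "InternetOpenUrlA": "network_fetch", "WinHttpConnect": "network_fetch",
    "CreateProcessA": "process_spawn", "ShellExecuteA": "process_spawn",
    "VirtualAllocEx": "memory_alloc",
    "OpenProcess": "process_inject", "WriteProcessMemory": "process_inject",
    "CreateRemoteThread": "process_inject",
    "LoadLibraryA": "api_resolve", "GetProcAddress": "api_resolve",
    "SetWindowsHookExA": "keyboard_hook", "GetAsyncKeyState": "keyboard_hook",
}

# Constructed samples: the API functions reachable from each call graph.
DROPPER_V1 = ["CreateFileA", "WriteFile", "RegSetValueExA",
              "InternetOpenA", "InternetOpenUrlA", "CreateProcessA"]
SAMPLES: Dict[str, List[str]] = {
    "dropper_v1": DROPPER_V1,
    # Same behaviour, every API replaced by a semantically equivalent one.
    "dropper_v2_api_swap": ["NtCreateFile", "NtWriteFile", "RegSetValueExW",
                            "WinHttpOpen", "WinHttpConnect", "ShellExecuteA"],
    # dropper_v1 embedded inside a larger process injector.
    "injector_embedding_v1": DROPPER_V1 + ["OpenProcess", "VirtualAllocEx",
                                           "WriteProcessMemory", "CreateRemoteThread",
                                           "LoadLibraryA", "GetProcAddress"],
    # Unrelated family that happens to share the file-writing APIs.
    "keylogger": ["SetWindowsHookExA", "GetAsyncKeyState", "CreateFileA", "WriteFile"],
}

Metric = Callable[[List[str], List[str]], float]


def to_classes(apis: List[str]) -> FrozenSet[str]:
    """Map API names to behaviour classes; unmapped APIs keep their own name."""
    return frozenset(API_CLASS.get(api, "unmapped:" + api) for api in apis)


def jaccard(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    """Symmetric similarity: |a & b| / |a | b|."""
    return 1.0 if not (a or b) else len(a & b) / len(a | b)


def containment(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    """Fraction of a's elements present in b; 1.0 means a is embedded in b."""
    return 1.0 if not a else len(a & b) / len(a)


def api_jaccard(x: List[str], y: List[str]) -> float:
    return jaccard(frozenset(x), frozenset(y))


def class_jaccard(x: List[str], y: List[str]) -> float:
    return jaccard(to_classes(x), to_classes(y))


def class_containment(x: List[str], y: List[str]) -> float:
    """Containment in whichever direction is larger (smaller embedded in larger)."""
    a, b = to_classes(x), to_classes(y)
    return max(containment(a, b), containment(b, a))


def cluster_by(samples: Dict[str, List[str]], metric: Metric,
               threshold: float) -> List[List[str]]:
    """Greedy single-linkage: a sample joins the first cluster holding a member
    it scores >= threshold against, otherwise it starts a new cluster."""
    clusters: List[List[str]] = []
    for name, apis in samples.items():
        for group in clusters:
            if any(metric(apis, samples[m]) >= threshold for m in group):
                group.append(name)
                break
        else:
            clusters.append([name])
    return clusters


if __name__ == "__main__":
    for label, metric in [("API Jaccard", api_jaccard),
                          ("class Jaccard", class_jaccard),
                          ("class containment", class_containment)]:
        print(f"{label:18}: {cluster_by(SAMPLES, metric, 0.8)}")
```

At a 0.8 threshold, raw API Jaccard leaves all four samples in their own cluster (the swapped variant shares no API name with the original), class Jaccard merges the two droppers but still keeps the injector apart (only 6 of its 9 classes overlap), and class containment also pulls in the injector because every class of dropper_v1 appears in it, while the keylogger stays separate at 2 of 3 classes shared.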

name of conference

  • Anais do XIX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2019) (Proceedings of the 19th Brazilian Symposium on Information and Computational Systems Security)

published proceedings

  • Anais do XIX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2019) (Proceedings of the 19th Brazilian Symposium on Information and Computational Systems Security)

author list (cited authors)

  • Botacin, M., Grégio, A., & De Geus, P.

citation count

  • 0

complete list of authors

  • Botacin, Marcus; Grégio, André; De Geus, Paulo

publication date

  • September 2019