Abstract
Clustering is an important part of malware analysis. The malware clustering algorithms in common use today are increasingly unable to keep up with the growing number of malware samples. To improve malware clustering, this paper uses a clustering algorithm based on Shared Nearest Neighbor (SNN) and takes the frequencies of system calls as input features. The algorithm is combined with DBSCAN, the traditional density-based clustering algorithm from data mining, which makes it better suited to clustering malware. The clustering results demonstrate that the algorithm performs well. The algorithm is also simple to implement and lends itself to automated analysis, so it can be applied to real-world automated malware analysis.
This work was supported by the National Natural Science Foundation of China (Grant No. 61472437).
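The approach the abstract describes, sketched as an added example that is not the paper's own code: system call frequency vectors are clustered by SNN density with DBSCAN-style expansion. The Euclidean distance, the parameters `k`, `eps` and `min_pts`, and the sample call counts are assumptions constructed for illustration.

```python
from collections import Counter
from math import dist

def freq_vector(trace, vocab):
    """Relative frequency of each system call in one trace (the input feature)."""
    counts, total = Counter(trace), len(trace) or 1   # guard against empty traces
    return [counts[s] / total for s in vocab]

def snn_cluster(vectors, k=3, eps=2, min_pts=2):
    """SNN-density clustering, DBSCAN style. Returns one label per sample, -1 = noise."""
    n = len(vectors)
    # k nearest neighbours of every sample (Euclidean distance is an assumption)
    knn = [set(sorted((j for j in range(n) if j != i),
                      key=lambda j: dist(vectors[i], vectors[j]))[:k]) for i in range(n)]
    def sim(i, j):
        # SNN similarity: shared neighbours, counted only when i and j list each other
        return len(knn[i] & knn[j]) if i in knn[j] and j in knn[i] else 0
    # SNN density of i is the number of samples with similarity >= eps
    strong = [[j for j in range(n) if j != i and sim(i, j) >= eps] for i in range(n)]
    core = [len(s) >= min_pts for s in strong]
    labels, cluster = [-1] * n, 0
    for i in range(n):
        if not core[i] or labels[i] != -1:
            continue
        labels[i], stack = cluster, [i]
        while stack:                      # grow the cluster through core points
            p = stack.pop()
            for q in strong[p]:
                if labels[q] == -1:
                    labels[q] = cluster   # border points join but do not expand
                    if core[q]:
                        stack.append(q)
        cluster += 1
    return labels

VOCAB = ["NtCreateFile", "NtWriteFile", "NtOpenKey", "NtSetValueKey"]
# Constructed call counts per sample: 4 file-heavy, 4 registry-heavy, 1 unrelated
COUNTS = [(8, 10, 1, 1), (9, 9, 1, 1), (7, 11, 1, 1), (8, 9, 2, 1),
          (1, 1, 9, 9), (1, 2, 8, 9), (2, 1, 10, 7), (1, 1, 8, 10), (5, 5, 5, 5)]
TRACES = [[c for c, n in zip(VOCAB, row) for _ in range(n)] for row in COUNTS]

if __name__ == "__main__":
    print(snn_cluster([freq_vector(t, VOCAB) for t in TRACES]))
```

Because SNN similarity depends on neighbour rank and not on absolute distance, the unrelated sample ends up as noise without any distance threshold being tuned.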
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Shuwei, W., Baosheng, W., Tang, Y., Bo, Y. (2015). Malware Clustering Based on SNN Density Using System Calls. In: Huang, Z., Sun, X., Luo, J., Wang, J. (eds) Cloud Computing and Security. ICCCS 2015. Lecture Notes in Computer Science, vol 9483. Springer, Cham. https://doi.org/10.1007/978-3-319-27051-7_16
DOI: https://doi.org/10.1007/978-3-319-27051-7_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27050-0
Online ISBN: 978-3-319-27051-7
eBook Packages: Computer Science, Computer Science (R0)