
Malware Clustering Based on SNN Density Using System Calls

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9483)

Abstract

Clustering is an important part of malware analysis. The malware clustering algorithms in common use today are increasingly unable to cope with the growing volume of malware. To improve malware clustering, this paper uses a clustering algorithm based on Shared Nearest Neighbor (SNN) similarity, with system call frequencies as the input features. The algorithm is combined with DBSCAN, a traditional density-based clustering algorithm from data mining, which makes it better suited to clustering malware. The clustering results demonstrate that the algorithm performs well. The algorithm is also simple to implement and easy to automate, so it can be applied to real-world automated malware analysis.
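The following sketch is an added example, not code from the paper: it runs DBSCAN over SNN similarity (the generic SNN-density formulation) on system call frequency vectors. The syscall names, per-sample counts and the parameters `k`, `eps` and `min_pts` are constructed assumptions chosen for illustration.

```python
import math

VOCAB = ["open", "write", "connect", "send"]  # assumed syscall vocabulary
# Constructed per-sample system call counts (not data from the paper).
SAMPLES = {
    "a1": [40, 50, 5, 5], "a2": [42, 48, 5, 5], "a3": [38, 52, 6, 4], "a4": [41, 49, 4, 6],
    "b1": [5, 5, 40, 50], "b2": [5, 5, 42, 48], "b3": [6, 4, 38, 52], "b4": [4, 6, 41, 49],
    "odd": [25, 25, 25, 25],
}

def frequencies(counts):
    """Turn raw call counts into relative frequencies (the feature vector)."""
    total = sum(counts) or 1
    return [c / total for c in counts]

def k_nearest(vectors, k):
    """Index set of the k nearest neighbours (Euclidean) of every vector."""
    n = len(vectors)
    return [set(sorted((j for j in range(n) if j != i),
                       key=lambda j: (math.dist(vectors[i], vectors[j]), j))[:k])
            for i in range(n)]

def snn_dbscan(vectors, k, eps, min_pts):
    """DBSCAN over SNN similarity; returns one label per vector, -1 = noise."""
    n, nn = len(vectors), k_nearest(vectors, k)
    def sim(i, j):  # shared neighbours, counted only for mutual k-NN pairs
        return len(nn[i] & nn[j]) if i in nn[j] and j in nn[i] else 0
    strong = [[j for j in range(n) if j != i and sim(i, j) >= eps] for i in range(n)]
    core = [len(s) >= min_pts for s in strong]  # SNN density threshold
    labels, cluster = [-1] * n, 0
    for seed in range(n):
        if not core[seed] or labels[seed] != -1:
            continue
        labels[seed], stack = cluster, [seed]
        while stack:  # grow the cluster outward through core points only
            for q in strong[stack.pop()]:
                if labels[q] == -1:
                    labels[q] = cluster
                    if core[q]:
                        stack.append(q)
        cluster += 1
    return labels

def cluster_samples(k=3, eps=2, min_pts=3):
    """Cluster the constructed samples; returns {sample name: label}."""
    labels = snn_dbscan([frequencies(c) for c in SAMPLES.values()], k, eps, min_pts)
    return dict(zip(SAMPLES, labels))

if __name__ == "__main__":
    print(cluster_samples())
```

The sample `odd` ends up as noise because none of its nearest neighbours list it in return, so its SNN similarity to every other sample is zero even though it has Euclidean neighbours.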

This work was supported by the National Natural Science Foundation of China (Grant No. 61472437).


Correspondence to Yong Tang.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Shuwei, W., Baosheng, W., Tang, Y., Bo, Y. (2015). Malware Clustering Based on SNN Density Using System Calls. In: Huang, Z., Sun, X., Luo, J., Wang, J. (eds) Cloud Computing and Security. ICCCS 2015. Lecture Notes in Computer Science, vol 9483. Springer, Cham. https://doi.org/10.1007/978-3-319-27051-7_16


  • DOI: https://doi.org/10.1007/978-3-319-27051-7_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27050-0

  • Online ISBN: 978-3-319-27051-7

  • eBook Packages: Computer Science, Computer Science (R0)
