Exploring network-based malware classification
Exploring network-based malware classification
Over the last years, dynamic and static malware analysis techniques have made significant progress. Majority of the existing analysis systems primarily focus on internal host activity. In spite of the importance of network activity, only a limited set of analysis tools have recently started taking it into account. In this work, we study the value of network activity for malware classification by various antivirus products. Specifically, we ask the following question: How well can we classify malware according to network activity? We monitor the execution of a malware sample in a controlled environment and summarize the obtained high-level network information in a graph. We then analyze graphs similarity to determine whether such high-level behavioral profile is sufficient to provide accurate classification of mal-ware samples. The experimental study on a real-world mal-ware collection demonstrates that our approach is able to group malware samples that behave similarly.
- University of New Brunswick Canada
- Communications Research Centre Canada Canada
- University of South Alabama United States
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).9 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Average influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Top 10% impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Average
Citations provided by BIP!Popularity provided by BIP!