Automatic Analysis of Malware Behavior using Machine Learning

Konrad Rieck, Philipp Trinius, Carsten Willems, Thorsten Holz

Malicious software—so called malware—poses a major threat to the security of computer systems. The amount and diversity of its variants render classic security defenses ineffective, such that millions of hosts in the Internet are infected with malware in form of computer viruses, Internet worms and Trojan horses. While obfuscation and polymorphism employed by malware largely impede detection at file level, the dynamic analysis of malware binaries during run-time provides an instrument for characterizing and defending against the threat of malicious software.

In this article, we propose a framework for automatic analysis of malware behavior using machine learning. The framework allows for automatically identifying novel classes of malware with similar behavior (clustering) and assigning unknown malware to these discovered classes (classification). Based on both, clustering and classification, we propose an incremental approach for behavior-based analysis, capable to process the behavior of thousands of malware binaries on a daily basis. The incremental analysis significantly reduces the run-time overhead of current analysis methods, while providing an accurate discovery and discrimination of novel malware variants.
Published in 2011.
Citation contexts:

    • "...Rieck et al. [4] propose a framework for automatic analysis of malware behavior using machine learning..."

    Ivan Firdausi et al., Analysis of Machine Learning Techniques Used in Behavior-Based Malware...

    • "...Such grouping is often performed using machine learning, either by clustering (e.g., [6,17,15]) or by classification (e.g., [13,5,16,11]), which are unsupervised and supervised techniques, respectively..."
    • "...This approach is used by Rieck et al. [17] and Bayer et al. [6] in evaluating their clustering techniques..."
    • "...In this case, when it is desirable to reduce these two measures into one, a common approach (e.g., [17]) is to use the F-measure:..."

    Peng Li et al., On Challenges in Evaluating Malware Clustering
