Toward an automatic, online behavioral Malware classification system

Raymond Canzanese, Moshe Kam, Spiros Mancoridis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

29 Scopus citations

Abstract

Malware authors are increasingly using specialized toolkits and obfuscation techniques to modify existing malware and avoid detection by traditional antivirus software. The resulting proliferation of obfuscated malware variants poses a challenge to antivirus vendors, who must create signatures to detect each new malware variant. Although the many variants in a malware family have different static signatures, they share characteristic behavioral patterns resulting from their common function and heritage. We describe an automatic classification system that can be trained to accurately identify new variants within known malware families, using observed similarities in behavioral features extracted from sensors monitoring live computers hosts. We evaluate the accuracy of the classifier on a live testbed under a heavy computational load. The described classification system is intended to perform classification online, using the computed classes of newly detected malware variants to guide the automatic mitigation of infected hosts.

Original languageEnglish (US)
Title of host publicationProceedings - 2013 IEEE 7th International Conference on Self-Adaptive and Self-Organizing Systems, SASO 2013
Pages111-120
Number of pages10
DOIs
StatePublished - 2013
Externally publishedYes
Event2013 IEEE 7th International Conference on Self-Adaptive and Self-Organizing Systems, SASO 2013 - Philadelphia, PA, United States
Duration: Sep 9 2013Sep 13 2013

Publication series

NameInternational Conference on Self-Adaptive and Self-Organizing Systems, SASO
ISSN (Print)1949-3673
ISSN (Electronic)1949-3681

Other

Other2013 IEEE 7th International Conference on Self-Adaptive and Self-Organizing Systems, SASO 2013
Country/TerritoryUnited States
CityPhiladelphia, PA
Period9/9/139/13/13

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Control and Systems Engineering

Keywords

  • autonomic computing
  • classification
  • decision trees
  • detection
  • machine learning
  • malware
  • mitigation

Fingerprint

Dive into the research topics of 'Toward an automatic, online behavioral Malware classification system'. Together they form a unique fingerprint.

Cite this