Research area: Safety
Conference: IFIP International Conference on Digital Forensics
The majority of attacks on the information technology infrastructure are executed by sets of malware that are variants of one another. Therefore, it is critical to identify malware and their variants based on their behavior as captured in trace data. This chapter presents a methodology for grouping malware and their variants based on similar behavior using traces that are imprecise and incomplete. Inspired by biological sequence analysis, the methodology represents traces as discrete-time Markov chains. Kullback-Leibler divergence and Jensen-Shannon divergence are computed as similarity metrics for pairwise comparisons of the discrete-time Markov chains, and edge-labeled graphs are constructed from the traces and their pairwise similarities. Following this, minimum spanning tree and community detection algorithms are successively applied to the edge-labeled graphs to construct malware families. The features extracted from the malware families and their variants are employed in machine learning models for automated malware detection and classification. The results of experiments conducted to validate the methodology demonstrate its efficacy at fingerprinting malware families.
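The pipeline sketched in the abstract (traces to discrete-time Markov chains, divergence as a pairwise similarity, minimum spanning tree over the similarity graph, then grouping into families) can be reproduced on toy data. The following is an added illustration, not code from the chapter or its authors: the three traces are constructed system-call sequences, the state space is the union of symbols seen in all traces, and transition probabilities use additive (Laplace) smoothing so that an incomplete trace never yields a zero probability, which would make the Kullback-Leibler term undefined. The final grouping cuts MST edges above a threshold in place of the chapter's community detection step, which is a simplification chosen for brevity.

```python
import math
from collections import defaultdict

# Constructed sample traces (hypothetical system-call sequences, not real malware data).
TRACES = {
    "sample_A":         ["open", "read", "write", "close", "open", "read", "write", "close"],
    "sample_A_variant": ["open", "read", "read", "write", "close", "open", "read", "write", "close"],
    "sample_B":         ["connect", "send", "recv", "recv", "send", "close", "connect", "send", "recv"],
}


def transition_matrix(trace, states, alpha=1.0):
    """Estimate a DTMC transition matrix from one trace.

    Additive smoothing (alpha) handles imprecise/incomplete traces: every
    transition keeps non-zero mass, so KL divergence stays finite.
    """
    counts = {s: defaultdict(float) for s in states}
    for a, b in zip(trace, trace[1:]):
        counts[a][b] += 1.0
    n = len(states)
    matrix = {}
    for s in states:
        total = sum(counts[s].values()) + alpha * n
        matrix[s] = {t: (counts[s][t] + alpha) / total for t in states}
    return matrix


def kl_divergence(p, q):
    """KL(p || q) over a shared finite alphabet; q must have no zero entries."""
    return sum(p[x] * math.log(p[x] / q[x]) for x in p if p[x] > 0)


def js_divergence(p, q):
    """Symmetric, bounded Jensen-Shannon divergence built from KL."""
    m = {x: 0.5 * (p[x] + q[x]) for x in p}
    return 0.5 * kl_divergence(p, m) + 0.5 * kl_divergence(q, m)


def chain_divergence(m1, m2):
    """Mean row-wise JS divergence between two transition matrices (uniform row weights)."""
    states = list(m1.keys())
    return sum(js_divergence(m1[s], m2[s]) for s in states) / len(states)


def pairwise_distances(traces, alpha=1.0):
    """Edge weights of the complete similarity graph, keyed by sorted name pairs."""
    states = sorted({s for t in traces.values() for s in t})
    matrices = {name: transition_matrix(t, states, alpha) for name, t in traces.items()}
    names = sorted(traces)
    return {(a, b): chain_divergence(matrices[a], matrices[b])
            for i, a in enumerate(names) for b in names[i + 1:]}


def minimum_spanning_tree(dist):
    """Kruskal's algorithm; returns (a, b, weight) edges of the MST."""
    parent = {n: n for e in dist for n in e}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    tree = []
    for (a, b), w in sorted(dist.items(), key=lambda kv: kv[1]):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb
            tree.append((a, b, w))
    return tree


def families(dist, threshold):
    """Drop MST edges heavier than threshold; each connected component is a candidate family."""
    nodes = {n for e in dist for n in e}
    adj = {n: set() for n in nodes}
    for a, b, w in minimum_spanning_tree(dist):
        if w <= threshold:
            adj[a].add(b)
            adj[b].add(a)
    seen, groups = set(), []
    for start in sorted(nodes):
        if start in seen:
            continue
        component, stack = set(), [start]
        while stack:
            x = stack.pop()
            if x not in component:
                component.add(x)
                stack.extend(adj[x])
        seen |= component
        groups.append(frozenset(component))
    return groups


if __name__ == "__main__":
    d = pairwise_distances(TRACES)
    for pair, w in sorted(d.items(), key=lambda kv: kv[1]):
        print(f"{pair[0]:18s} {pair[1]:18s} JS={w:.4f}")
    cut = d[("sample_A", "sample_A_variant")]
    print("families:", [sorted(g) for g in families(d, cut)])
```

The smoothing constant is the knob that encodes how much trust to place in a short or noisy trace: a larger alpha pulls every chain toward the uniform matrix and shrinks all distances, so the cut threshold must be chosen jointly with it rather than fixed once.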
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | United States |
| Site | Springer |
| Likes | 0 |