Malwares are growing exponentially in number, and authors of malwares are continuously releasing new ones. Malwares developed by the same author group might have similar signatures. For a number of applications including digital forensic and law enforcement, such characteristics can be used to determine which author group is likely to have released a given malware. In this paper, we describe a new type of classification that identifies which group of authors is most likely to have developed a given malware. We identify and verify a set of various features obtained through static and dynamic analyses of malwares and exploit them for classification. We evaluate our approach through extensive experiments with a real-world dataset labeled by a group of domain experts. The results show that our approach is effective and provides good accuracy in malware classification.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.