The emergence of malware creation tools in recent years has facilitated the creation of new variations of existing malware instances. Typically, anti-virus companies process new malware instances manually to determine their maliciousness and generate their signatures. However, with the overwhelming number of new malware variants that are created automatically to evade pattern-based detection, manual analysis is becoming a bottleneck that hinders the process of responding to new threats. This paper proposes a novel method to automatically cluster malware variants into malware families based on the structured control flow graphs of the malware instances. Our final results demonstrate high effectiveness in terms of accuracy, an average of 94% accuracy, and speed in clustering malware variants.
Control systems are used to automate industrial processes, smart grids, and smart cities. Unfortunately, cyber attacks on control systems are on the rise. Additionally, control systems lack the plethora of forensic investigation tools available for commodity systems. An important step towards a proper forensic investigation is to analyze device memory. To assist in identifying features of device memory, we present a machine learning-based technique that integrates ontology information for feature classification in a control system device's memory.