2009 4th International Conference on Malicious and Unwanted Software (MALWARE) 2009
DOI: 10.1109/malware.2009.5403021

An automated classification system based on the strings of trojan and virus families

Abstract: Classifying malware correctly is an important research issue for anti-malware software producers. This paper presents an effective and efficient malware classification technique based on string information using several well-known classification algorithms. In our testing we extracted the printable strings from 1367 samples, including unpacked trojans and viruses and clean files. Information describing the printable strings contained in each sample was input to various classification algorithms, including treeb…

Cited by 93 publications (72 citation statements)
References 13 publications

“…Any malicious software for execution or replications invokes some kernel level system call to communicate with operating system; it is a sign of malicious activity. In [22,21,25], addressed automatic behavior analysis using Windows API calls, instruction set, control flow graph, function parameter analysis and system calls are used as features.…”
Section: Feature Extraction Methods (mentioning)
confidence: 99%
“…Most of these studies used the static [3], [5], [10], [11], [13], [14], [17], [18], [21], [22], dynamic [4], [19] or hybrid [6] analysis methods. Actually, static analysis is becoming difficult because of the increasing sophistication of malware, and thus we focus on dynamic analysis approach.…”
Section: Related Work (mentioning)
confidence: 99%
“…To this end, various data mining and machine learning approaches [21,28,14,19,25,5,6,18,27,9,20] have been applied to categorize malware into families based on different features derived from the analysis of the malware. Indeed, malware analysis involves two fundamental techniques: static and dynamic.…”
Section: Related Work (mentioning)
confidence: 99%
“…Features that are commonly gleaned from a static analysis of malware include Portable Executable (PE) header metadata such as Dynamic Link Library (DLL) [21] and API calls [28], bytes sequences (or n-grams) [21,14,29], Operational Codes (OpCodes) [19,22,24], strings [21,25,12], and function length and function length frequency [26]. Strings-based techniques were shown to achieve high detection and classification accuracy compared to PE and n-grams based techniques [21,25].…”
Section: Related Work (mentioning)
confidence: 99%