Research on Features Selection in Malware Clustering

doi:10.3969/j.issn.1671-1122.2016.09.013

Abstract

Abstract:

The increment of malware has exploded in recent years. As a result, using cluster algorithm to detect malware families has received the favors of security vendors. Malware clustering is the task of converging sample that has similar behavior or structure in the same group (called a cluster), and features selection plays a vital role in malware clustering. Firstly this paper discusses carefully the common features used in existing study of malware clustering and compares these features with each other. The most of existing works focus on the clustering based on single feature vector, while single feature vector is not capable of describing all the characteristics of malware. To solve this problem, then multi feature vector pairs are proposed to cluster malware. Also, according to the clustering results, the specific indexes are defined to evaluate the selected feature vectors. Finally, combining with DBSCAN clustering algorithm, several feature vectors and their combinations are selected to test. The result shows that multi feature vector pairs are superior to single feature vector in identifying malware families.

Key words: features selection, malware, cluster analysis

CLC Number:

TP309

Yi WANG, Yong TANG, Zexin LU, Xin YU. Research on Features Selection in Malware Clustering[J]. Netinfo Security, 2016, 16(9): 64-68.

Figures/Tables 5

References 11

[1]	陈晓,赵晶玲. 大数据处理中混合型聚类算法的研究与实现[J]. 信息网络安全,2015(4):45-49.
[2]	KOSTAKIS O.Classy: Fast Clustering Streams of Call-graphs[J]. Data Mining and Knowledge Discovery, 2014, 28(5-6): 1554-1585.
[3]	RIECK K, TRINIUS P, WILLEMS C, et al.Automatic Analysis of Malware Behavior Using Machine Learning[J]. Journal of Computer Security, 2011, 19(4): 639-668.
[4]	钱雨村,彭国军,王滢,等. 恶意代码同源性分析及家族聚类[J].计算机工程与应用,2015(18):76-81.
[5]	孔德光,谭小彬,奚宏生,等. 提升多维特征检测迷惑恶意代码[J]. 软件学报,2011,22(3): 522-533.
[6]	维基百科.X86[EB/OL].,2016-06-07.
[7]	秦青文,王戟,孙旭光,等. 基于IDA-Pro 的软件逆向分析方法[J]. 计算机工程,2008,34(22): 86-88.
[8]	任伟,柳坤,周金. AnDa:恶意代码动态分析系统[J]. 信息网络安全,2014(8):28-33.
[9]	Mateusz "j00ru" Jurczyk .Microsoft Windows System Call Table (NT/2000/XP/2003/Vista/2008/7/8)[EB/OL]. , 2016-06-07.
[10]	Pang-Ning Tan,Michael Steinbach,Vipin Kumar著. 数据挖掘导论(完整版) [M].范明,范宏建,等译.北京:人民邮电出版社,2011.
[11]	高悦,王文贤,杨淑贤. 一种基于狄利克雷过程混合模型的文本聚类算法[J].信息网络安全,2015(11):60-65.

[1]	Liuyang HOU, Senlin LUO, Limin PAN, Ji ZHANG. Multi-feature Android Malware Detection Method [J]. Netinfo Security, 2020, 20(1): 67-74.
[2]	Xin SONG, Kai ZHAO, Linlin ZHANG, Wenbo FANG. Research on Android Malware Detection Based on Random Forest [J]. Netinfo Security, 2019, 19(9): 1-5.
[3]	Yanchen QIAO, Qingshan JIANG, Liang GU, Xiaoming WU. Malware Classification Method Based on Word Vector of Assembly Instruction and CNN [J]. Netinfo Security, 2019, 19(4): 20-28.
[4]	Xuruirui FENG, Jiayong LIU, Pengsen CHENG. Analyzing Malware Behavior and Capability Related Text Based on Feature Extraction [J]. Netinfo Security, 2019, 19(12): 72-78.
[5]	Jian ZHANG, Bohan CHEN, Liangyi GONG, Zhaojun GU. Research on Malware Detection Technology Based on Image Analysis [J]. Netinfo Security, 2019, 19(10): 24-31.
[6]	Yunchun LI, Wentao LU, Wei LI. Malware Detection Method Based on Shapelet [J]. Netinfo Security, 2018, 18(3): 70-77.
[7]	Jian ZHANG, Wenxu WANG, Pengfei NIU, Zhaojun GU. Research on Test Evaluation System of Anti-malware Products and Service [J]. Netinfo Security, 2016, 16(9): 113-117.
[8]	Lin CAI, Tieming CHEN. Research Review and Outlook on Android Mobile Malware Detection [J]. Netinfo Security, 2016, 16(9): 218-222.
[9]	Yong DING, Wei CAO, Senlin LUO. Research on the Technology of Malware Behavior Monitoring Based on LKM System Call Hijacking [J]. Netinfo Security, 2016, 16(4): 1-8.
[10]	Jiaping LIN, Hui LI. Review of Android Malware Detection [J]. Netinfo Security, 2016, 16(10): 80-88.
[11]	Shengjun ZHENG, Longhua GUO, Jian CHEN, Shujun NAN. An Online Detection System for Advanced Malware Based on Virtual Execution Technology [J]. Netinfo Security, 2016, 16(1): 29-33.
[12]	Shifeng HUANG, Yajun GUO, Jianqun CUI, Qingjiang ZENG. Mobile Malware Detection Based on Optimized Fuzzy C-Means [J]. Netinfo Security, 2016, 16(1): 45-50.
[13]	Yaqian SHU, Anmin FU, Zhentao HUANG. Design and Implementation of a Malware Detection System for Mobile Payment on the Cloud [J]. Netinfo Security, 2016, 16(1): 59-63.
[14]	SHANG Jin, XIE Jun, JIANG Dong-yi, CHEN Huai-lin. Research on Abnormal Behavior Analysis of Modern Networking Security Architecture [J]. 信息网络安全, 2015, 15(9): 15-19.
[15]	LI Wen-yang. Research on Android Malware Detection Technology [J]. 信息网络安全, 2015, 15(9): 62-65.