Mapping, Exploration, and Detection Strategies for Malware Universe

  • Fatima AlShamsi

Student thesis: Master's Thesis

Abstract

New malwares are evading detection by using obfuscation techniques. Hence, new techniques are needed to overcome the limitations present in current detection strategies. Methods such as malware sequence alignment has proven to be effective in terms of high detection accuracy rate, yet, such technique suffers from high computational complexity which takes extremely long time to compute distances between malware sequences. Given that there are millions of malware samples appearing every day, we need to reduce the computational complexity while maintaining a high detection accuracy. In this work, we propose a clustering framework to identify similar malware behaviors based on sequential behavioral similarity. We evaluate our method by using three algorithms, namely, Longest Common Prefix (LCP), Longest Common Subsequence (LCS), and Optimal Matching (OM) algorithms. The novelty in our work is mapping similar malware applications using LCP algorithm which has proven to be effective in terms of identifying similar behavioral patterns for different malware families, as well as the detection of different varients belonging to the same malware family. For an in depth analysis, frequent malware behavioral patterns, mean duration in each malware class, and sequence complexity index are identified. Our results showed that Longest Common Prefix (LCP) is most effective in terms of the reduced computational complexity, and silhouette coeffcient, as well as, in identification of similar malware application despite the fact that they belong to different malware families.
Date of AwardMay 2017
Original languageAmerican English

Keywords

  • Malware Universe; Malware Behavioral Patterns; Detection Strategies; Longest Common Prefix (LCP); United Arab Emirates.

Cite this

'