Abstract
An enormous number of malware samples pose a major threat to our networked society. Antivirus software and intrusion detection systems are widely implemented on the hosts and networks as fundamental countermeasures. However, they may fail to detect evasive malware. Thus, setting a high priority for new varieties of malware is necessary to conduct in-depth analyses and take preventive measures. In this paper, we present a traffic model for malware that can classify network behaviors of malware and identify new varieties of malware. Our model comprises malwarespecific features and general traffic features that are extracted from packet traces obtained from a dynamic analysis of the malware. We apply a clustering analysis to generate a classifier and evaluate our proposed model using large-scale live malware samples. The results of our experiment demonstrate the effectiveness of our model in finding new varieties of malware.
| Original language | English |
|---|---|
| Pages (from-to) | 1691-1702 |
| Number of pages | 12 |
| Journal | IEICE Transactions on Information and Systems |
| Volume | E100D |
| Issue number | 8 |
| DOIs | |
| Publication status | Published - 2017 Aug |
Keywords
- Clustering analysis
- Malware communication model
- Network behavior classification
- New varieties of malware
ASJC Scopus subject areas
- Software
- Hardware and Architecture
- Computer Vision and Pattern Recognition
- Electrical and Electronic Engineering
- Artificial Intelligence