Structural classification and similarity measurement of malware

Hongbo Shi*, Tomoki Hamagami, Katsunari Yoshioka, Haoyuan Xu, Kazuhiro Tobe, Shigeki Goto


    研究成果: Article査読

    3 被引用数 (Scopus)


    This paper proposes a new lightweight method that utilizes the growing hierarchical self-organizing map (GHSOM) for malware detection and structural classification. It also shows a new method for measuring the structural similarity between classes. A dynamic link library (DLL) file is an executable file used in the Windows operating system that allows applications to share codes and other resources to perform particular tasks. In this paper, we classify different malware by the data mining of the DLL files used by the malware. Since the malware families are evolving quickly, they present many new problems, such as how to link them to other existing malware families. The experiment shows that our GHSOM-based structural classification can solve these issues and generate a malware classification tree according to the similarity of malware families.

    ジャーナルIEEJ Transactions on Electrical and Electronic Engineering
    出版ステータスPublished - 2014 11月 1

    ASJC Scopus subject areas

    • 電子工学および電気工学


    「Structural classification and similarity measurement of malware」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。