Malware Classification for Identifying Author Groups: A Graph-based Approach

Abstract

As our lives become increasingly dependent on computer software, the threat of malware attacks is getting greater. By slightly modifying the previous version to avoid malware detection, the attackers can continuously release new malwares with ease. However, malwares released by a group of authors might contain some evidence among them that they are developed by the same group of authors. Such information can be used for digital forensics, law enforcement, and deeper analysis of malwares. In this paper, we propose a graph-based approach to classify author groups of given malware samples. In addition, we propose graph refinement strategies to improve classification accuracies. Via extensive experiments on a real-world dataset, we verify our graph-based classification could benefit author group classification of malwares than traditional feature-based SVM. We also verify the proposed graph refinement strategies increase the accuracy of the classification. © 2019 Copyright held by the owner/author(s). Publication rights licensed to ACM.