A Human-in-the-Loop Approach to Malware Author Classification

Abstract

For these few decades malwares have been posing a major concern in the cyber security. Recently, a number of "author groups" have been generating lots of new malwares by sharing source code within a group and exploiting evasive schemes such as polymorphism and metamorphism. This motivates us to study the problem of identifying the author group of a given malware, which would be able to work for not only blocking malwares but also legally punishing suspected malware authors. In this paper, we propose a humanmachine collaborative approach for classifying author groups of malwares accurately. We also propose a visualization method for helping human experts to make the decision easily. We verify the superiority of our framework through extensive experiments using real-world malware data.