Malware Classification using FingerPrint and TF-IDF

Abstract

As the spread of computers is accelerating, the rate of malicious programs is rapidly increasing. Because the number of malware increases very quickly, malicious code should be able to be analyzed and detected quickly and accurately. Also it is very important to know the characteristics of malware to detect new ones. This paper proposes malware similarity calculation method, and cosine similarity is used to calculate the similarity between malicious codes, and features are extracted and by static analysis for each malicious code. In this case, the malicious code is analyzed using HB Gary's Finger Print, and the analyzed information is measured by TF-IDF, which is used to classify documents, to measure characteristics and similarity of each malware family. After that, malware family classification experiments were performed using additional malware, and the similarity of each malicious code was measured. Through the experimental results, this paper proposes the method that can be effective for malware family classification.