Adaptive semantics-aware malware classification

Bojan Kolosnjaji, Apostolis Zarras, Tamas Lengyel, George Webster, Claudia Eckert

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

19 Scopus citations

Abstract

Automatic malware classification is an essential improvement over the widely-deployed detection procedures using manual signatures or heuristics. Although there exists an abundance of methods for collecting static and behavioral malware data, there is a lack of adequate tools for analysis based on these collected features. Machine learning is a statistical solution to the automatic classification of malware variants based on heterogeneous information gathered by investigating malware code and behavioral traces. However, the recent increase in variety of malware instances requires further development of effective and scalable automation for malware classification and analysis processes. In this paper, we investigate the topic modeling approaches as semantics-aware solutions to the classification of malware based on logs from dynamic malware analysis. We combine results of static and dynamic analysis to increase the reliability of inferred class labels. We utilize a semi-supervised learning architecture to make use of unlabeled data in classification. Using a nonparametric machine learning approach to topic modeling we design and implement a scalable solution while maintaining advantages of semantics-aware analysis. The outcomes of our experiments reveal that our approach brings a new and improved solution to the reoccurring problems in malware classification and analysis.

Original languageEnglish
Title of host publicationDetection of Intrusions and Malware, and Vulnerability Assessment - 13th International Conference, DIMVA 2016, Proceedings
EditorsUrko Zurutuza, Ricardo J. Rodríguez, Juan Caballero
PublisherSpringer Verlag
Pages419-439
Number of pages21
ISBN (Print)9783319406664
DOIs
StatePublished - 2016
Event13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2016 - San Sebastian, Spain
Duration: 7 Jul 20168 Jul 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9721
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2016
Country/TerritorySpain
CitySan Sebastian
Period7/07/168/07/16

Fingerprint

Dive into the research topics of 'Adaptive semantics-aware malware classification'. Together they form a unique fingerprint.

Cite this