An empirical study of malware evolution

Author

Gupta, Archit ; Kuppili, Pavan ; Akella, Aditya ; Barford, Paul

Author_Institution

Univ. of Wisconsin-Madison, Madison, WI

fYear

2009

fDate

5-10 Jan. 2009

Firstpage

1

Lastpage

10

Abstract

The diversity, sophistication and availability of malicious software (malcode/malware) pose enormous challenges for securing networks and end hosts from attacks. In this paper, we analyze a large corpus of malcode meta data compiled over a period of 19 years. Our aim is to understand how malcode has evolved over the years, and in particular, how different instances of malcode relate to one another. We develop a novel graph pruning technique to establish the inheritance relationships between different instances of malcode based on temporal information and key common phrases identified in the malcode descriptions. Our algorithm enables a range of possible inheritance structures. We study the resulting ldquolikelyrdquo malcode families, which we identify through extensive manual investigation. We present an evaluation of gross characteristics of malcode evolution and also drill down on the details of the most interesting and potentially dangerous malcode families.

Keywords

graph theory; inheritance; invasive software; end host attack; graph pruning technique; inheritance relationship; inheritance structure; malcode evolution; malcode meta data; malicious software; malware evolution; network security; temporal information; Computer crime; Data mining; Humans; Information analysis; Information security; Internet; Marine vehicles; Software maintenance; Software systems; Text mining;

fLanguage

English

Publisher

ieee

Conference_Titel

Communication Systems and Networks and Workshops, 2009. COMSNETS 2009. First International

Conference_Location

Bangalore

Print_ISBN

978-1-4244-2912-7

Electronic_ISBN

978-1-4244-2913-4

Type

conf

DOI

10.1109/COMSNETS.2009.4808876

Filename

4808876