• DocumentCode
    725715
  • Title

    Spectral malware behavior clustering

  • Author

    Giannella, Chris ; Bloedorn, Eric

  • Author_Institution
    MITRE Corp., McLean, VA, USA
  • fYear
    2015
  • fDate
    27-29 May 2015
  • Firstpage
    7
  • Lastpage
    12
  • Abstract
    We develop a version of spectral clustering and empirically study its performance when applied to behavior-based malware clustering. In 2011, a behavior-based malware clustering algorithm was reported by Rieck et al. We hypothesize that, owing to the more complex nature of our algorithm, it will exhibit higher accuracy than Rieck's but will require greater run-time. Through experiments using three different malware datasets, we largely substantiate this hypothesis. Our approach had comparable or superior accuracy to Rieck's over all of its parameter settings examined and ours had higher run-times (nonetheless, ours had run-times of less than one minute on all datasets). We also found our algorithm had no clear accuracy advantage, but much smaller run-times than Hierarchical Agglomerative Clustering.
  • Keywords
    invasive software; pattern clustering; behavior-based spectral malware clustering algorithm; Accuracy; Algorithm design and analysis; Approximation algorithms; Clustering algorithms; Malware; Prototypes; Standards;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on
  • Conference_Location
    Baltimore, MD
  • Print_ISBN
    978-1-4799-9888-3
  • Type

    conf

  • DOI
    10.1109/ISI.2015.7165931
  • Filename
    7165931