Title :
Spectral malware behavior clustering
Author :
Giannella, Chris ; Bloedorn, Eric
Author_Institution :
MITRE Corp., McLean, VA, USA
Abstract :
We develop a version of spectral clustering and empirically study its performance when applied to behavior-based malware clustering. In 2011, Rieck et al. reported a behavior-based malware clustering algorithm. We hypothesize that, owing to the more complex nature of our algorithm, it will exhibit higher accuracy than Rieck's but will require greater run-time. Through experiments on three different malware datasets, we largely substantiate this hypothesis. Our approach had comparable or superior accuracy to Rieck's over all of the parameter settings examined, at the cost of higher run-times (nonetheless, ours ran in less than one minute on all datasets). We also found that our algorithm had no clear accuracy advantage over Hierarchical Agglomerative Clustering, but much smaller run-times.
Keywords :
invasive software; pattern clustering; behavior-based spectral malware clustering algorithm; Accuracy; Algorithm design and analysis; Approximation algorithms; Clustering algorithms; Malware; Prototypes; Standards
Conference_Titel :
Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on
Conference_Location :
Baltimore, MD
Print_ISBN :
978-1-4799-9888-3
DOI :
10.1109/ISI.2015.7165931