Identification of malicious behavior patterns for software

by Saad Usman Khan




Institution: Norwegian University of Science and Technology
Department:
Year: 2014
Record ID: 1284291
Full text PDF: http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-26603


Abstract

Over the years, malware has increased in number and become increasingly harmful. Traditionally, anti-virus suites are used to protect computers from various forms of malware. In recent years a new technique called “behavior based malware analysis” has become famous, which overcomes some of the shortcomings of traditional anti-virus suites. Just as anti-virus suites require signatures, behavior analysis systems require pattern groups for malware identification. This thesis presents the design and implementation of a Malware Pattern Generator (MPG). MPG is built to automatically generate behavior based pattern groups from a given malicious dataset. MPG uses hierarchical clustering to find similarities between malware and extracts the similarities to generate pattern groups. Three variants of MPG were developed during the work on this thesis, and the results of their evaluation against malicious datasets are presented.