Full metadata
Title
On the Application of Malware Clustering for Threat Intelligence Synthesis
Description
Malware forensics is a time-consuming process that involves a significant amount of data collection. To ease the load on security analysts, many attempts have been made to automate the intelligence gathering process and provide a centralized search interface. Some of these solutions map existing relations between threats and can discover new intelligence by identifying correlations in the data. However, such systems generally treat each unique malware sample as its own distinct threat. This fails to model the real malware landscape, in which many "new" samples are actually variants of samples that have already been discovered. Were there some way to reliably determine whether two malware samples belong to the same family, intelligence for one sample could be applied to any sample in the family, greatly reducing the complexity of intelligence synthesis. Clustering is a common big data approach for grouping data samples that share common features, and it has been applied in several recent papers to identify related malware. It therefore has the potential to be used as described to simplify the intelligence synthesis process. However, existing threat intelligence systems do not use malware clustering. In this paper, we attempt to design a highly accurate malware clustering system, with the ultimate goal of integrating it into a threat intelligence platform. Toward this end, we explore the many considerations in designing such a system: how to extract features for comparing malware, and how to use these features for accurate clustering. We then create an experimental clustering system and evaluate its effectiveness using two different clustering algorithms.
Date Created
2017-05
Contributors
- Smith, Joshua Michael (Author)
- Ahn, Gail-Joon (Thesis director)
- Zhao, Ziming (Committee member)
- School of Mathematical and Statistical Sciences (Contributor)
- Computer Science and Engineering Program (Contributor)
- Barrett, The Honors College (Contributor)
Topical Subject
Resource Type
Extent
17 pages
Language
eng
Copyright Statement
In Copyright
Primary Member of
Series
Academic Year 2016-2017
Handle
https://hdl.handle.net/2286/R.I.43516
Level of coding
minimal
Cataloging Standards
System Created
- 2017-10-30 02:50:58
System Modified
- 2021-08-11 04:09:57
Additional Formats