Talks and Poster Presentations (with Proceedings-Entry):
U. Bayer, E. Kirda, Ch. Krügel, P. Milani Comparetti, C. Hlauschek:
"Scalable, Behavior-Based Malware Clustering";
Talk: Network and Distributed System Security Symposium (NDSS),
San Diego;
2009-02-08
- 2009-02-11; in: "16th Annual Network and Distributed System Security Symposium (NDSS 2009)",
NDSS Proceedings,
(2009).
English abstract:
Anti-malware companies receive thousands of malware samples every day. To process this large quantity, a number of automated analysis tools were developed. These tools execute a malicious program in a controlled environment and produce reports that summarize the program's actions. Of course, the problem of analyzing the reports still remains. Recently, researchers have started to explore automated clustering techniques that help to identify samples that exhibit similar behavior. This allows an analyst to discard reports of samples that have been seen before, while focusing on novel, interesting threats. Unfortunately, previous techniques do not scale well and frequently fail to generalize the observed activity well enough to recognize related malware.
Keywords:
malware, clustering
Electronic version of the publication:
http://publik.tuwien.ac.at/files/PubDat_179716.pdf
Related Projects:
Project Head Wolfgang Kastner:
Pathfinder - Malicious Code Analysis and Detection
Project Head Paolo Milani Comparetti:
Worldwide Observatory of Malicious Behaviors and Attack Threats
Created from the Publication Database of the Vienna University of Technology.