Malware biodiversity using static analysis

Jeremy D. Seideman, Bilal Khan, Antonio Cesar Vargas

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Malware is constantly changing and is released very rapidly, necessarily to remain effective in the changing computer landscape. Some malware files can be related to each other; studies that indicate that malware samples are similar often base that determination on common behavior or code. Given, then, that new malware is often developed based on existing malware, we can see that some code fragments, behavior, and techniques may be influencing more development than others. We propose a method by which we can determine the extent that previously released malware is influencing the development of new malware. Our method allows us to examine the way that malware changes over time, allowing us to look at trends in the changing malware landscape. This method, which involves a historical study of malware, can then be extended to investigate specific behaviors or code fragments. Our method shows that, with respect to the method in which we compared malware samples, over 64% of malware samples that we analyzed are contributing to the biodiversity of the malware ecosystem and influencing new malware development.

Original language: English (US)
Title of host publication: Future Network Systems and Security - 1st International Conference, FNSS 2015, Proceedings
Editors: Selwyn Piramuthu, Wei Zhou, Robin Doss
Publisher: Springer Verlag
Pages: 139-155
Number of pages: 17
ISBN (Electronic): 9783319192093
State: Published - Jan 1 2015
Event: 1st International Conference on Future Network Systems and Security, FNSS 2015 - Paris, France
Duration: Jun 11 2015 to Jun 13 2015

Publication series

Name: Communications in Computer and Information Science
Volume: 523
ISSN (Print): 1865-0929

Other

Other: 1st International Conference on Future Network Systems and Security, FNSS 2015
Country: France
City: Paris
Period: 6/11/15 to 6/13/15

Fingerprint

Biodiversity
Static analysis
Malware
Ecosystems

ASJC Scopus subject areas

  • Computer Science (all)
  • Mathematics (all)

Cite this

Seideman, J. D., Khan, B., & Vargas, A. C. (2015). Malware biodiversity using static analysis. In S. Piramuthu, W. Zhou, & R. Doss (Eds.), Future Network Systems and Security - 1st International Conference, FNSS 2015, Proceedings (pp. 139-155). (Communications in Computer and Information Science; Vol. 523). Springer Verlag. https://doi.org/10.1007/978-3-319-19210-9_10
