Static Malware Family Clustering via Structural and Functional Characteristics

Authors

David George, Southern Methodist UniversityFollow
Andre Mauldin, Southern Methodist UniversityFollow
Josh Mitchell, Southern Methodist UniversityFollow
Sufiyan Mohammed, Southern Methodist UniversityFollow
Robert Slater, Southern Methodist UniversityFollow

Abstract

Static and dynamic analyses are the two primary approaches to analyzing malicious applications. The primary distinction between the two is that the application is analyzed without execution in static analysis, whereas the dynamic approach executes the malware and records the behavior exhibited during execution. Although each approach has advantages and disadvantages, dynamic analysis has been more widely accepted and utilized by the research community whereas static analysis has not seen the same attention. This study aims to apply advancements in static analysis techniques to demonstrate the identification of fine-grained functionality, and show, through clustering, how malicious applications may be grouped into associated family types. The scope of this research is focused on malicious software utilizing the Portable Executable (“PE”) file format for Microsoft Windows operating systems.

Recommended Citation

George, David; Mauldin, Andre; Mitchell, Josh; Mohammed, Sufiyan; and Slater, Robert (2023) "Static Malware Family Clustering via Structural and Functional Characteristics," SMU Data Science Review: Vol. 7: No. 2, Article 4.
Available at: https://scholar.smu.edu/datasciencereview/vol7/iss2/4

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License