Static and dynamic analyses are the two primary approaches to analyzing malicious applications. The primary distinction between the two is that the application is analyzed without execution in static analysis, whereas the dynamic approach executes the malware and records the behavior exhibited during execution. Although each approach has advantages and disadvantages, dynamic analysis has been more widely accepted and utilized by the research community whereas static analysis has not seen the same attention. This study aims to apply advancements in static analysis techniques to demonstrate the identification of fine-grained functionality, and show, through clustering, how malicious applications may be grouped into associated family types. The scope of this research is focused on malicious software utilizing the Portable Executable (“PE”) file format for Microsoft Windows operating systems.
George, David; Mauldin, Andre; Mitchell, Josh; Mohammed, Sufiyan; and Slater, Robert
"Static Malware Family Clustering via Structural and Functional Characteristics,"
SMU Data Science Review: Vol. 7:
2, Article 4.
Available at: https://scholar.smu.edu/datasciencereview/vol7/iss2/4
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License