In recent years, the number of malware families and variants has exploded. Automatic malware classification is therefore becoming an important research area. Virus and spyware writers continue to create large numbers of new families and variants at an increasingly fast rate, rendering manual human analysis inefficient and inadequate.
In attempts to automate static file analysis, we encountered considerable challenges from incremental family evolution, binary obfuscation and the intricate component relationships associated with spyware. These challenges suggest the importance of run-time behavior analysis in addition to static binary analysis, and of adaptable algorithms to automate classification. In this paper, we propose a behavior-based automated classification method based on a distance measure and machine learning.
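The abstract states only that the proposed classifier is behavior-based and rests on a distance measure plus machine learning; it does not give the feature representation, distance or learner. The following added example is not the paper's method. It makes the idea concrete under assumptions chosen here: a sample's run-time behavior is recorded as a sequence of API call names, each trace is reduced to the set of adjacent call pairs (2-grams), traces are compared with Jaccard distance, and a k-nearest-neighbor vote assigns a family label. The traces, family names and distance threshold are constructed for illustration. The example also shows two things a practitioner would want that the abstract does not spell out: tolerance to small variant-to-variant changes (an inserted `Sleep` call in one sample), and refusing to label a sample whose behavior is far from every known family.

```python
"""k-nearest-neighbour malware family classification over run-time behaviour traces.

Added illustration, not the paper's method. Assumptions: behaviour is captured as
an ordered list of API call names; features are 2-grams of adjacent calls; the
distance measure is Jaccard distance over those 2-gram sets; classification is a
majority vote among the k nearest labelled samples, with a distance threshold that
rejects samples unlike any known family.
"""

# Constructed sample traces (hypothetical family labels, not real malware families).
# Samples within a family differ slightly, mimicking incremental variant evolution.
LABELLED_TRACES = {
    "a1": ("FamilyA", ["RegOpenKey", "RegSetValue", "CreateFile", "WriteFile", "InternetOpen", "HttpSendRequest"]),
    "a2": ("FamilyA", ["RegOpenKey", "RegSetValue", "CreateFile", "WriteFile", "Sleep", "InternetOpen", "HttpSendRequest"]),
    "a3": ("FamilyA", ["CreateFile", "WriteFile", "RegOpenKey", "RegSetValue", "InternetOpen", "HttpSendRequest"]),
    "b1": ("FamilyB", ["SetWindowsHookEx", "GetAsyncKeyState", "CreateFile", "WriteFile", "CreateThread"]),
    "b2": ("FamilyB", ["SetWindowsHookEx", "GetAsyncKeyState", "GetAsyncKeyState", "CreateFile", "WriteFile"]),
    "b3": ("FamilyB", ["CreateThread", "SetWindowsHookEx", "GetAsyncKeyState", "CreateFile", "WriteFile", "Sleep"]),
    "c1": ("FamilyC", ["InternetOpen", "InternetOpenUrl", "InternetReadFile", "CreateFile", "WriteFile", "CreateProcess"]),
    "c2": ("FamilyC", ["InternetOpen", "InternetOpenUrl", "InternetReadFile", "CreateFile", "WriteFile", "WinExec"]),
    "c3": ("FamilyC", ["InternetOpen", "InternetOpenUrl", "InternetReadFile", "CreateFile", "WriteFile", "Sleep", "CreateProcess"]),
}

# Constructed query traces: one close to FamilyA, one resembling no known family.
UNKNOWN_TRACE = ["RegOpenKey", "RegSetValue", "CreateFile", "WriteFile", "InternetOpen", "HttpSendRequest", "Sleep"]
NOVEL_TRACE = ["FindFirstFile", "FindNextFile", "DeleteFile", "FindNextFile", "DeleteFile"]


def behaviour_ngrams(trace, n=2):
    """Reduce an ordered call trace to the set of its n-grams (adjacent call tuples)."""
    return set(zip(*(trace[i:] for i in range(n))))


def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|; two empty sets are treated as identical (distance 0)."""
    union = a | b
    if not union:
        return 0.0
    return 1.0 - len(a & b) / len(union)


def classify(trace, labelled, k=3, n=2, max_distance=0.75):
    """Return (predicted_label, nearest_distance) for a trace.

    Ranks every labelled sample by distance, takes the k nearest, and picks the
    label with the most votes (ties broken by smaller summed distance). If even the
    nearest sample is farther than max_distance, the trace is reported as 'unknown'
    rather than forced into an existing family.
    """
    query = behaviour_ngrams(trace, n)
    ranked = sorted(
        ((jaccard_distance(query, behaviour_ngrams(t, n)), label, name)
         for name, (label, t) in labelled.items()),
        key=lambda item: (item[0], item[2]),
    )
    nearest = ranked[:k]
    nearest_distance = nearest[0][0]
    if nearest_distance > max_distance:
        return "unknown", nearest_distance

    votes = {}  # label -> (count, summed distance)
    for dist, label, _ in nearest:
        count, total = votes.get(label, (0, 0.0))
        votes[label] = (count + 1, total + dist)
    best = max(votes, key=lambda lab: (votes[lab][0], -votes[lab][1]))
    return best, nearest_distance


def leave_one_out_accuracy(labelled, k=3, n=2):
    """Fraction of labelled samples classified correctly when held out of the reference set."""
    correct = 0
    for name, (label, trace) in labelled.items():
        rest = {m: v for m, v in labelled.items() if m != name}
        predicted, _ = classify(trace, rest, k, n)
        correct += predicted == label
    return correct / len(labelled)


if __name__ == "__main__":
    print("unknown sample ->", classify(UNKNOWN_TRACE, LABELLED_TRACES))
    print("novel sample   ->", classify(NOVEL_TRACE, LABELLED_TRACES))
    print("leave-one-out accuracy:", leave_one_out_accuracy(LABELLED_TRACES))
```

With these constructed traces the first query lands on FamilyA at Jaccard distance 1/6 (its 2-gram set differs from sample `a1` only by the trailing `HttpSendRequest -> Sleep` pair), the novel trace shares no call pair with any reference sample and is reported as `unknown`, and leave-one-out evaluation classifies all nine reference samples correctly. The threshold is the part worth tuning on real data: too loose and every new family is absorbed into its nearest old one, too tight and ordinary variant drift produces false unknowns.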