Research On The Analysis Of Malwares Clustering

Posted on: 2017-02-09
Degree: Master
Type: Thesis
Country: China
Candidate: S W Wang
GTID: 2348330536467540
Subject: Computer Science and Technology
Abstract/Summary:
The number of malware samples continues to grow exponentially with the rapid development of the Internet, and malware analysis remains a primary problem in information security. Academic researchers have analyzed various aspects of malware, such as clustering, classification, and homology analysis. Based on the current situation, this paper carries out three pieces of work. (1) Anti-virus vendors' automated analysis of malware is disconnected from the clustering, classification, and homology analysis done in academia. To address this, the paper presents a new theoretical model for the automatic analysis of malware. Classification, clustering, and homology analysis based on this model can be better applied in anti-virus vendors' products, so the model unifies academia and industry. (2) Using different datasets as input causes a series of problems, such as the difficulty of comparing different academic research results. To address this, the paper puts forward a specification for describing malware, selects malware families, and provides an open data set. With this data set as input, different studies can be compared and more precise standards can be proposed. (3) In view of previous studies, we found that the distances among samples differ in degree across different families, so this paper designs and implements a clustering algorithm based on SNN density. The algorithm is not sensitive to the density of the samples, so it is well suited to malware clustering. Opcodes and system calls are used as inputs to verify the accuracy of the SNN density clustering algorithm, which reaches up to 100%. The paper also demonstrates the practicality of the algorithm.
Keywords/Search Tags:Malwares Analysis, Clustering, Data Set, Theoretical Model