
A Malware Variants Detection Methodology With An Opcode Based Feature Method And A Fast Density Based Clustering Algorithm

Posted on: 2017-12-24
Degree: Master
Type: Thesis
Country: China
Candidate: C Wang
Full Text: PDF
GTID: 2428330488471883
Subject: Software engineering
Abstract/Summary:
With the spread of the Internet and the growing popularity of personal computers, Internet security has become a serious problem, and as security awareness rises, people pay ever more attention to it. Malicious code is now one of the major Internet security threats. Malware keeps growing in volume, variety and velocity; it causes heavy losses to users, many Internet companies have suffered attacks and large losses, and some malicious code even threatens national security.

Malware detection methods fall into signature-based detection and heuristic detection. Signature-based detection extracts features from known malware and matches samples against them; its advantages are high efficiency and a low false-positive rate, and in practice it is the most widely used detection method. Heuristic detection relies on a set of rules that analysts derive from experience and applies those rules to identify malicious code. Its advantage is the ability to detect newly appearing malicious code; its disadvantage is that the subjectivity of the rules leads to higher false-positive and false-negative rates. This thesis therefore adopts a feature-based detection method.

In practice, the most widely used malware detection approach is static detection, and operation code (opcode) sequences are among the most important malware features for static analysis. Because of the diversity of opcodes, the resulting feature space has very high dimensionality, which degrades performance. We propose an information-entropy-based feature extraction method that keeps a small number of highly informative features as the representation of each malware instance. At the same time, the large feature set makes machine learning algorithms slow in both the training and the detection phase, which adds performance overhead. We propose a generic Fast Density-Based Clustering algorithm for fast and accurate clustering of malware instances. Our experiments demonstrate that the resulting automated malware variant detection methodology achieves high accuracy with a significant speedup compared with other state-of-the-art approaches.
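The pipeline the abstract describes (opcode n-grams as static features, an entropy criterion to shrink the feature space, then density-based clustering to group variants) can be run end to end on a handful of constructed samples. The block below is an added illustration, not code from the thesis: the opcode sequences are made up, the selection rule (Shannon entropy of each n-gram's presence/absence across the corpus) and the Jaccard distance are assumptions about what "information entropy based feature extraction" might look like, and a plain DBSCAN stands in for the thesis's fast density-based algorithm, whose internals the abstract does not give.

```python
"""Opcode n-gram features, entropy-based selection, density clustering.
Added illustration, not the thesis's code. The selection rule, the
distance metric and plain DBSCAN in place of the thesis's fast variant
are assumptions."""
import math
from collections import Counter

# Constructed opcode sequences (not real malware): two families, each with
# three variants differing by one inserted or substituted instruction,
# plus one unrelated outlier.
SAMPLES = {
    "famA_v1": "push mov call test jz mov xor call ret".split(),
    "famA_v2": "push mov call test jz mov xor call nop ret".split(),
    "famA_v3": "push mov call test jnz mov xor call ret".split(),
    "famB_v1": "sub lea mov cmp jne add loop push ret".split(),
    "famB_v2": "sub lea mov cmp jne add loop push pop ret".split(),
    "famB_v3": "sub lea mov cmp je add loop push ret".split(),
    "outlier": "int3 hlt int3 hlt".split(),
}

def ngrams(opcodes, n=2):
    """Sliding-window opcode n-grams of one disassembled sample."""
    return [tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1)]

def feature_sets(samples, n=2):
    """Each sample as the set of distinct opcode n-grams it contains."""
    return {name: set(ngrams(seq, n)) for name, seq in samples.items()}

def binary_entropy(p):
    """Shannon entropy (bits) of a Bernoulli variable with P(present) = p."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -(p * math.log2(p) + (1.0 - p) * math.log2(1.0 - p))

def feature_entropy(fsets):
    """Assumed criterion: entropy of each n-gram's presence/absence over the
    corpus. An n-gram seen in every sample or in a single one separates
    little; one seen in about half of them carries the most information."""
    total = len(fsets)
    doc_freq = Counter(f for fs in fsets.values() for f in fs)
    return {f: binary_entropy(df / total) for f, df in doc_freq.items()}

def select_features(fsets, k):
    """Keep the k highest-entropy n-grams; ties broken by name (deterministic)."""
    ent = feature_entropy(fsets)
    return sorted(ent, key=lambda f: (-ent[f], f))[:k]

def project(fsets, keep):
    """Drop every n-gram that was not selected."""
    keep = set(keep)
    return {name: fs & keep for name, fs in fsets.items()}

def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|; two empty sets are at distance 0."""
    if not a and not b:
        return 0.0
    return 1.0 - len(a & b) / len(a | b)

def dbscan(points, eps, min_pts):
    """Minimal DBSCAN over name -> feature set. Returns name -> cluster id,
    -1 for noise. O(n^2) neighbourhood search; this is the step the thesis's
    fast density-based algorithm would speed up."""
    names = list(points)
    neighbours = {n: [m for m in names
                      if jaccard_distance(points[n], points[m]) <= eps]
                  for n in names}
    labels, cluster = {}, 0
    for n in names:
        if n in labels:
            continue
        if len(neighbours[n]) < min_pts:
            labels[n] = -1            # noise; may become a border point later
            continue
        labels[n] = cluster
        queue = [m for m in neighbours[n] if m != n]
        while queue:
            m = queue.pop()
            if labels.get(m) == -1:
                labels[m] = cluster   # formerly noise: now a border point
            if m in labels:
                continue
            labels[m] = cluster
            if len(neighbours[m]) >= min_pts:   # core point: keep expanding
                queue.extend(x for x in neighbours[m] if x not in labels)
        cluster += 1
    return labels

def detect_variants(samples, k=16, eps=0.5, min_pts=2, n=2):
    """Full pipeline: n-grams -> entropy selection -> density clustering.
    Returns (labels, kept features)."""
    fsets = feature_sets(samples, n)
    keep = select_features(fsets, k)
    return dbscan(project(fsets, keep), eps, min_pts), keep

if __name__ == "__main__":
    labels, keep = detect_variants(SAMPLES)
    total = len(set().union(*feature_sets(SAMPLES).values()))
    print(f"features kept: {len(keep)} of {total}")
    for name, label in labels.items():
        print(f"{name:8s} -> {'noise' if label < 0 else f'cluster {label}'}")
```

On these samples the corpus has 26 distinct 2-grams; keeping the 16 with the highest presence/absence entropy discards every singleton n-gram (the variant-specific `call nop`, `test jnz`, `push pop` and the outlier's `int3 hlt`), after which the three famA variants sit within Jaccard distance 0.375 of each other, the famB variants likewise, the two families are at distance 1.0, and the outlier has no neighbours and is reported as noise. The point to take from it is the order of operations: selection happens on the whole corpus before any distance is computed, so the clustering step runs over a much smaller, denser feature space.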
Keywords/Search Tags: information entropy, operation code sequences, fast density based clustering, static detection, malware variants detection