Identifying malware using n-gram clustering metrics
Posted on: 2015-05-08
Degree: M.S.
Type: Thesis
University: University of Maryland, Baltimore County
Candidate: Dowd, Christopher Ryan
Full Text: PDF
GTID: 2478390020451291
Subject: Computer Science
Abstract/Summary:
We identify a new method for detecting malware within a network that can be processed in linear time. In the digital age, more files are transferred between individuals and systems that have the potential to contain malicious code. Traditional malware detection and analysis is performed by signature-based matching or by hashing known files. An attacker can quickly alter known signatures or modify parts of a program to defeat hash-based detection. We need a way to quickly identify malicious files so they can be staged for quarantine and further analysis.

In this thesis we review the previous methods used to detect malware and develop a new process to identify malware using n-gram analysis, clustering malware specimens by their similarity to each other. Specimens from a well-known malware family are used in this demonstration.
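The abstract names the approach but not its exact algorithm; the following added example (written for this page, not code from the thesis) illustrates the general idea it describes: extract byte n-grams from each specimen, compare specimens with Jaccard similarity, and group them by single-linkage clustering. The byte strings and the threshold of 0.5 are constructed for illustration.

```python
from itertools import combinations


def byte_ngrams(data: bytes, n: int = 4) -> set:
    """Set of all length-n byte windows in a sample (one pass over the bytes)."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: set, b: set) -> float:
    """Jaccard similarity |A ∩ B| / |A ∪ B|; two empty sets count as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def cluster(samples: dict, n: int = 4, threshold: float = 0.5) -> list:
    """Single-linkage clustering: specimens whose n-gram sets have a Jaccard
    similarity at or above `threshold` are joined (union-find over all pairs).
    Returns a sorted list of sorted member-name lists."""
    grams = {name: byte_ngrams(data, n) for name, data in samples.items()}
    parent = {name: name for name in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(samples, 2):
        if jaccard(grams[a], grams[b]) >= threshold:
            parent[find(a)] = find(b)

    groups = {}
    for name in samples:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(members) for members in groups.values())


# Constructed specimens: A1 and A2 stand in for two variants of one family
# (a one-byte change defeats hash matching but barely moves the n-gram set);
# B1 stands in for an unrelated benign file.
SAMPLES = {
    "A1": b"PUSH ebp; MOV ebp,esp; CALL decrypt_payload; JMP loader",
    "A2": b"PUSH ebp; MOV ebp,esp; CALL decrypt_payload; JMP loader2",
    "B1": b"Hello, this is a benign text document about gardening.",
}

if __name__ == "__main__":
    print(cluster(SAMPLES))  # [['A1', 'A2'], ['B1']]
```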