Feature-driven formal concept analysis for malware hierarchy construction

Abstract

As the number of computer viruses have rapidly been increasing nowadays, automatic classification of viruses into a concept hierarchy is one of the emerging issues of malware research community. Among various approaches, Formal Concept Analysis (FCA) is a well-known technique which is capable of producing a concept lattice/hierarchy from a formal concept. However, the traditional approach of concept representation offered by FCA is not enough to capture the semantics of virus behaviors. In recent literature, the operational mechanism of virus has often been represented by temporal logic for formal analysis. This motivates us to extend FCA into F-FCA (Feature-driven FCA) to overcome the discussed problem. In F-FCA, each formal object and concept is associated with a temporal logic formula. We also introduce an on-the-fly algorithm, known as FOCA, to generate a concept hierarchy on F-FCA by means of an object-joining operator. Experiments on a real dataset of 3000 virus samples demonstrate the efficiency of our approach, as compared to the traditional approach.