Malware variant detection and classification using control flow graph

Abstract

The number of malware increases steadily and is too many. So a malware analyst cannot analyze these manually. Therefore many researchers are working on automatic malware analysis. As a result of these researches, there are so many algorithms. The representative example may be a behavior based malware automatic analysis system. For example, these are the Bitblaze [1], Anubis[2], and so on. However these behaviors based analysis result is not enough. So for more detail analysis and advanced automatic analysis feature, the automatic static analysis engine is necessary. Then some projects apply an automatic static analysis engine and the research on automatic static analysis is working. These analysis methods use the structural characteristic of malware, and that is the reason the malware is also software, there is a toolkit for a malware generation, and a malware author reuse some codes. For automatic static analysis, it is so useful that the static analysis engine uses the structural characteristic of malware. However previous researches have some problem. For example, these are a performance, false positive, detection ratio, and so on. Therefore we'll describe another method that used the structural characteristic of malware. © 2011 Springer-Verlag.