Effective and Reliable Malware Group Classification for a Massive Malware Environment

Abstract

Most of the cyber-attacks are caused by malware, and damage from them has escalated from cyber space to home appliances and infrastructure, thus affecting the daily living of the people. As such, anticipative analysis and countermeasures for malware have become more important. Most malware programs are created as variations of existing malware. This paper proposes a scheme for the detection and group classification of malware, some measures to improve the dependability of classification using the local clustering coefficient, and the technique for selecting and managing the leading malware for each group to classify them cost-effectively in a massive malware environment. This study also developed the system for the proposed model and compared its performance with the existing methods on actual malware to verify the level of dependability improvement. The technology developed in this study is expected to be used for the effective analysis of new malware, trend analysis of the same malware group, automatic identification of malware of interest, and same attacker trend analysis in addition to countermeasures for each malware program.