TUM Logo

Adaptive Semantics-Aware Malware Classification

Automatic malware classification is an essential improvement over the widely-deployed detection procedures using manual signatures or heuristics. Although there exists an abundance of methods for collecting static and behavioral malware data, there is a lack of adequate tools for analysis based on these collected features. Machine learning is a statistical solution to the automatic classification of malware variants based on heterogeneous information gathered by investigating malware code and behavioral traces. However, the recent increase in variety of malware instances requires further development of effective and scalable automation for malware classification and analysis processes.In this paper, we investigate the topic modeling approaches as semantics-aware solutions to the classification of malware based on logs from dynamic malware analysis. We combine results of static and dynamic analysis to increase the reliability of inferred class labels. We utilize a semi-supervised learning architecture to make use of unlabeled data in classification. Using a nonparametric machine learning approach to topic modeling we design and implement a scalable solution while maintaining advantages of semantics-aware analysis. The outcomes of our experiments reveal that our approach brings a new and improved solution to the reoccurring problems in malware classification and analysis.

Adaptive Semantics-Aware Malware Classification

13th Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)

Authors: Bojan Kolosnjaji, Apostolis Zarras, Tamas Lengyel, George Webster, and Claudia Eckert
Year/month: 2016/7
Booktitle: 13th Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)
Fulltext: SemanticTopicModeling.pdf

Abstract

Automatic malware classification is an essential improvement over the widely-deployed detection procedures using manual signatures or heuristics. Although there exists an abundance of methods for collecting static and behavioral malware data, there is a lack of adequate tools for analysis based on these collected features. Machine learning is a statistical solution to the automatic classification of malware variants based on heterogeneous information gathered by investigating malware code and behavioral traces. However, the recent increase in variety of malware instances requires further development of effective and scalable automation for malware classification and analysis processes.In this paper, we investigate the topic modeling approaches as semantics-aware solutions to the classification of malware based on logs from dynamic malware analysis. We combine results of static and dynamic analysis to increase the reliability of inferred class labels. We utilize a semi-supervised learning architecture to make use of unlabeled data in classification. Using a nonparametric machine learning approach to topic modeling we design and implement a scalable solution while maintaining advantages of semantics-aware analysis. The outcomes of our experiments reveal that our approach brings a new and improved solution to the reoccurring problems in malware classification and analysis.

Bibtex:

@inproceedings { kolosnjaji2016adaptive,
author = { Bojan Kolosnjaji and Apostolis Zarras and Tamas Lengyel and George Webster and Claudia Eckert},
title = { Adaptive Semantics-Aware Malware Classification },
year = { 2016 },
month = { July },
booktitle = { 13th Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA) },
url = {https://www.sec.in.tum.de/i20/publications/adaptive-semantics-aware-malware-classification/@@download/file/SemanticTopicModeling.pdf}
}