Openly accessible

A comparison of the classification of disparate malware collected in different time periods

Islam, Rafiqul, Tian, Ronghua, Moonsamy, Veelasha and Batten, Lynn 2012, A comparison of the classification of disparate malware collected in different time periods, Journal of networks, vol. 7, no. 6, pp. 946-955.

Attached Files
Name Description MIMEType Size Downloads
tian-acomparisonofthe-2012.pdf Published version application/pdf 874.48KB 24

Title: A comparison of the classification of disparate malware collected in different time periods
Author(s): Islam, Rafiqul; Tian, Ronghua; Moonsamy, Veelasha; Batten, Lynn
Journal name: Journal of networks
Volume number: 7
Issue number: 6
Start page: 946
End page: 955
Total pages: 10
Publisher: Academy Publisher
Place of publication: Oulu, Finland
Publication date: 2012-06
ISSN: 1796-2056
Keyword(s): classification; dynamic; malware; static
Summary: It has been argued that an anti-virus strategy based on malware collected at a certain date will not work at a later date, because malware evolves rapidly and an anti-virus engine is then faced with a completely new type of executable that is not as amenable to detection as the first was.

In this paper, we test this idea by collecting two sets of malware, the first from 2002 to 2007 and the second from 2009 to 2010, to determine how well the anti-virus strategy we developed based on the earlier set [18] will do on the later set. This anti-virus strategy integrates dynamic and static features extracted from the executables to classify malware by distinguishing between families. We also perform another test to investigate the same idea, in which we accumulate all the malware executables in the old and new datasets, separately, and apply a malware versus cleanware classification.

The resulting classification accuracies are very close for both datasets, with a difference of approximately 5.4% for both experiments, the older malware being more accurately classified than the newer malware. This leads us to conjecture that current anti-virus strategies can indeed be modified to deal effectively with new malware.
Language: eng
Field of Research: 109999 Technology not elsewhere classified
Socio Economic Objective: 970110 Expanding Knowledge in Technology
HERDC Research category: C1 Refereed article in a scholarly journal
Copyright notice: ©2012, The Authors
Persistent URL: http://hdl.handle.net/10536/DRO/DU:30046962

Document type: Journal Article
Collections: School of Information Technology
Open Access Collection
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.

Access Statistics: 99 Abstract Views, 25 File Downloads
Created: Mon, 13 Aug 2012, 12:54:37 EST