Return to search

Identifying malware similarity through token-based and semantic code clones

Malware is the source or a catalyst for many of the attacks on our cyberspace. Malware analysts and other cybersecurity professionals are responsible for responding to and understanding attacks to mount a defense against the attacks in our cyberspace. The sheer amount of malware alone makes this a difficult task, but malware is also increasing in complexity. This research provides empirical evidence that a hybrid approach using token-based and semantic-based code clones can identify similarities between malware. In addition, the use of different normalization techniques and the use of undirected matrices versus directed matrices were studied. Lastly, the impact of the use of inexact code clones was evaluated. Our results showed that our approach to determining the similarity between malware outperforms two methods currently used in malware analyses. In addition, we showed that overly generalized normalization of code sections would hinder the performance of the proposed method. At the same time, there is no significant difference between the use of directed and undirected matrices. This research also confirmed the positive impact of using inexact code clones when determining similarity.

Identiferoai:union.ndltd.org:MSSTATE/oai:scholarsjunction.msstate.edu:td-7025
Date08 December 2023
CreatorsLanclos, Christopher I. G.
PublisherScholars Junction
Source SetsMississippi State University
Detected LanguageEnglish
Typetext
Formatapplication/pdf
SourceTheses and Dissertations

Page generated in 0.0018 seconds