Malware Clustering Based on SNN Density Using System Calls

  • Wang Shuwei
  • Wang Baosheng
  • Yong TangEmail author
  • Yu Bo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9483)


Clustering is an important part of the malware analysis. The malware clustering algorithms commonly used at present have gradually can not adapt to the growing number of malware. In order to improve the malware clustering algorithm, this paper uses the clustering algorithm based on Shared Nearest Neighbor (SNN), and uses frequencies of the system calls as the features for input. This algorithm combined with the DBSCAN which is traditional density-based clustering algorithm in data mining. This makes it is a better application in the process of clustering of malware. The results of clusters demonstrate that the effect of the algorithm of clustering is good. And the algorithm is simple to implement and easy to complete automated analysis. It can be applied to actual automated analysis of malware.


Malware Clustering SNN System calls 


  1. 1.
    Wang, H.-T., Mao, C.-H., Wei, T.-E., Lee, H.-M.: Clustering of similar malware behavior via structural host-sequence comparison. In: IEEE 37th Annual Computer Software and Applications Conference (2013)Google Scholar
  2. 2.
    Hu, X., Bhatkar, S., Griffin, K., Kang, G.: MutantX-S: scalable malware clustering based on static features. In: Proceedings of the 2013 USENIX Conference on Annual Technical Conference (2013)Google Scholar
  3. 3.
    Kostakis, O.: Classy: fast clustering streams of call-graphs. Data Min. Knowl. Dis. 28, 1554–1585 (2014)MathSciNetCrossRefGoogle Scholar
  4. 4.
    Biggio, B., Rieck, K., Ariu, D., Wressnegger, C., Corona, I., Giacinto, G., Rol, F.: Poisoning behavioral malware clustering. In: Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop (2014)Google Scholar
  5. 5.
    Ye, Y., Li, T., Chen, Y., Jiang, Q.: Automatic malware cate-gorization using cluster ensemble. In: Proceedings of the 16th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 95–104(2010)Google Scholar
  6. 6.
    Perdisci, R., ManChon, U.: VAMO: towards a fully automated malware clustering validity analysis. In: Proceedings of the 28th Annual Computer Security Applications Conference (2012)Google Scholar
  7. 7.
    Bayer, U., Comparetti, P.M., Hlauscheck, C., et al.: Scalable, behavior-based malware clustering. In: 16th Symposium on Network and Distributed System Security (NDSS) (2009)Google Scholar
  8. 8.
    Iwamoto, K., Wasaki, K.: Malware classification based on extracted API sequences using static analysis. In: Proceedings of the Asian Internet Engineeering Conference (2012)Google Scholar
  9. 9.
    Yan, G., Brown, N., Kong, D.: Exploring discriminatory features for automated malware classification. In: Rieck, K., Stewin, P., Seifert, J.-P. (eds.) DIMVA 2013. LNCS, vol. 7967, pp. 41–61. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  10. 10.
    Cesare, S., Xiang, Y., Zhou, W.: Malwise: an effective and efficient classification system for Packed and Polymorphic Malware. IEEE Trans. Comput. 62, 1193–1206 (2013)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Cesare, S., Xiang, Y., Zhou, W.: Control flow-based malware variant detection. IEEE Trans. Dependable Secure Comput. 11, 304–317 (2014)CrossRefGoogle Scholar
  12. 12.
    Hongbo, S., Tomoki, H., Katsunari, Y.: Structural classification and similarity measurement of malware. IEEJ Trans. Electr. Electron. Eng. 9, 621–632 (2014)CrossRefGoogle Scholar
  13. 13.
    Jang, J.-W., Woo, J., Yun, J., Kim, H.K.: Mal-netminer: malware classification based on social network analysis of call graph. In: Proceedings of the Companion Publication of the 23rd International Conference on World Wide Web Companion (2014)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.National University of Defense TechnologyChangshaChina
  2. 2.Institute of Network and Information SecurityNational University of Defense TechnologyChangshaChina

Personalised recommendations