A Statistical Approach for Discovering Critical Malicious Patterns in Malware Families

摘要

In this paper, we present carefully selected critical malicious patterns, which are in common among malware variants in the same malware family, but not other malware families, using statistical information processing. The analysed critical malicious patterns can be an effective training dataset, towards classification of known and unknown malware variants. We present malware variants as a set of hashes, which represent the constituent basic blocks of the malware Control Flow Graph, and classify them into their corresponding malware family. By computing the Distribution Frequency for each basic block residing in all the malware families, the importance of being a possible representative to become a critical malicious pattern for a specific malware family is measured. This value is carefully computed by considering the population of each malware family.