Generation of behavioral signatures using the clustering

摘要

Generating behavior signatures to detect malware. By using a computer, to collect the trace behavior of malware malware data set. Behavior trace describes the continuous behavior that was performed by the malware. Generating a malware behavior sequence by normalizing the behavior trace. Clustering together the malware behavior sequence similar. Malware behavior sequence in the cluster, I will describe the behavior of the malware family. To identify the behavior of sub-sequence common to malware family of clusters by analyzing the cluster. The behavior signature for malware family, is generated using the behavior subsequence. To match that of the existing cluster by normalizing if possible traces of new malware. The behavioral signature for that cluster, it is generated based on the sequence of the other behavior and sequence of new malware cluster.