The majority of recent cyber incidents have been caused by malware. According to a report by Symantec, an average of one million malicious codes is found daily. Automated static and dynamic analysis technologies are generally applied to cope with this, but most of the new malicious codes are the mutants of existing malware. In this paper, we present technology that automatically detects the n-gram and clustering coefficient-based malware mutants and that automatically groups the different types of malware. We verified our system by applying more than 2600 malicious codes. Our proposed technology does more than just respond to malware as it can also provide the ground for the effective analysis of new malware, the trend analysis of a malware group, the automatic identification of specific malware, and the analysis of the estimated trend of an attacker.
This work was supported by the Institute for Information and communications Technology Promotion(IITP) grant funded by the Korea government (MSIP) (No.R0101-15-0175, The Development of Cyber Attacks Detection Technology based on Mass Security Events Analysing and Malicious Code Profiling). The authors declare that there is no conflict of interests regarding the publication of this paper.Acknowledgements This work was supported by the Institute for Information and communications Technology Promotion(IITP) grant funded by the Korea government (MSIP) (No.R0101-15-0175, The Development of Cyber Attacks Detection Technology based on Mass Security Events Analysing and Malicious Code Profiling).
