English Abstract
In recent years, cybercriminals have developed new malware, or variants of existing malware, in order to evade inspection by security mechanisms. Most prior work has focused on analyzing malware that consists of only a single binary file. However, most malware captured by honeypots contains several binary and source files, so existing malware analysis approaches are not suitable for honeypot-captured malware. In this research, a novel malware classification approach is proposed that analyzes features extracted from a malware sample's file structure, source code, binary files, and file names. An incremental clustering algorithm is developed to replace the traditional hierarchical clustering algorithm in order to improve efficiency. With the proposed system, when a honeypot captures a new malware sample, IT security staff can determine whether the new sample belongs to any existing cluster. To evaluate the performance of the proposed system, the proposed approach is compared with VirusTotal, a popular platform for malware detection and classification. The experimental results show that the proposed approach outperforms VirusTotal.