{"title":"From Plagiarism to Malware Detection","authors":"Ciprian Oprișa, George Cabau, Adrian Colesa","doi":"10.1109/SYNASC.2013.37","DOIUrl":null,"url":null,"abstract":"We have often seen how malware families evolve over time: the malware authors add new features, change the order of functions, modify some strings or add random useless code. They do all that to evade detection. In a similar way, computer science students that copy homework will change variable and function names, rephrase comments or even replace some small portions of the code. In both cases, the essence remains the same and it is easy for one to see it, by comparing two samples or two source codes. The challenge however, is to automatically find groups of similar items in a large collection. Our research shows that we can apply the same techniques in order to cluster new malicious samples into malware families and detect plagiarized students work. The paper proposes a novel approach for computing the similarity between two items, based not only on their features, but also based on the frequencies of those features in a given population. The new similarity function was tested in a clustering algorithm and it proved better than other approaches. Also, the nature of the method allows it to be used in other document classification tasks.","PeriodicalId":293085,"journal":{"name":"2013 15th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 15th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SYNASC.2013.37","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9
Abstract
We have often seen how malware families evolve over time: the malware authors add new features, change the order of functions, modify some strings or add random useless code. They do all that to evade detection. In a similar way, computer science students that copy homework will change variable and function names, rephrase comments or even replace some small portions of the code. In both cases, the essence remains the same and it is easy for one to see it, by comparing two samples or two source codes. The challenge however, is to automatically find groups of similar items in a large collection. Our research shows that we can apply the same techniques in order to cluster new malicious samples into malware families and detect plagiarized students work. The paper proposes a novel approach for computing the similarity between two items, based not only on their features, but also based on the frequencies of those features in a given population. The new similarity function was tested in a clustering algorithm and it proved better than other approaches. Also, the nature of the method allows it to be used in other document classification tasks.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
