Abstract

APT (Advanced Persistent Threat) attacks are developing rapidly and have become severe threats. In this paper, homologous malware means malware developed and programmed by the same author or organization. Identifying the homology of malware used in different APT attacks helps to reconstruct attack scenarios, track attackers and even defend against new APT attacks. Currently, homology identification in the anti-malware industry still relies on manual analysis and the experience of security experts; this is persuasive but inefficient and time-consuming. To improve effectiveness and efficiency, this paper proposes an automatic malware homology identification method. Six types of API (Application Programming Interface) call behaviors are defined according to programming habits and extracted from binary samples by static analysis. Based on these API call behaviors, the homologous degree of two malware samples is calculated using the Jaccard similarity coefficient, and homology is identified by comparing the homologous degree with a threshold. Experimental evaluation on real-world samples shows that the method achieves a high accuracy rate and an acceptable recall rate.
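The scoring step described in the abstract, as an added example that is not the paper's code: each sample is reduced to a set of typed API call behaviors, the homologous degree of two samples is their Jaccard similarity coefficient, and pairs above a threshold are declared homologous and grouped into families. The six behavior type names, the behavior strings, the sample profiles and the threshold of 0.6 are all constructed assumptions; the abstract does not state which six types the paper defines, how behaviors are encoded, or which threshold was used.

```python
from itertools import combinations

# Six behavior categories. Names are an assumption for this example; the abstract
# only states that six types are defined from programming habits.
BEHAVIOUR_TYPES = ("file", "registry", "network", "process", "crypto", "anti_analysis")

# Constructed behavior profiles: each sample maps a behavior type to the set of
# API call behaviors (encoded here as API call chains) found by static analysis.
SAMPLES = {
    "sample_A": {
        "file": {"CreateFileW>WriteFile>CloseHandle", "FindFirstFileW>FindNextFileW"},
        "registry": {"RegOpenKeyExW>RegSetValueExW"},
        "network": {"WSAStartup>socket>connect>send", "InternetOpenW>InternetOpenUrlW"},
        "process": {"CreateProcessW", "OpenProcess>WriteProcessMemory>CreateRemoteThread"},
        "crypto": {"CryptAcquireContextW>CryptEncrypt"},
        "anti_analysis": {"IsDebuggerPresent", "GetTickCount"},
    },
    "sample_B": {  # shares most of sample_A's programming habits
        "file": {"CreateFileW>WriteFile>CloseHandle", "FindFirstFileW>FindNextFileW"},
        "registry": {"RegOpenKeyExW>RegSetValueExW"},
        "network": {"WSAStartup>socket>connect>send"},
        "process": {"CreateProcessW", "OpenProcess>WriteProcessMemory>CreateRemoteThread"},
        "crypto": {"CryptAcquireContextW>CryptEncrypt"},
        "anti_analysis": {"IsDebuggerPresent"},
    },
    "sample_C": {  # a different toolkit that overlaps in one behavior only
        "file": {"fopen>fwrite>fclose"},
        "registry": set(),
        "network": {"getaddrinfo>socket>connect>send"},
        "process": {"ShellExecuteW"},
        "crypto": set(),
        "anti_analysis": {"IsDebuggerPresent"},
    },
}


def flatten(profile):
    """Turn a per-type profile into one set of (type, behavior) pairs."""
    return {(t, b) for t in BEHAVIOUR_TYPES for b in profile.get(t, set())}


def jaccard(a, b):
    """Jaccard similarity coefficient |A ∩ B| / |A ∪ B|; two empty sets score 0."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def homologous_degree(profile_p, profile_q):
    """Homologous degree of two samples (assumption: a single Jaccard over all typed behaviors)."""
    return jaccard(flatten(profile_p), flatten(profile_q))


def homologous_pairs(samples, threshold=0.6):
    """All sample pairs whose homologous degree reaches the threshold, sorted by name."""
    pairs = []
    for name_p, name_q in combinations(sorted(samples), 2):
        degree = homologous_degree(samples[name_p], samples[name_q])
        if degree >= threshold:
            pairs.append((name_p, name_q, degree))
    return pairs


def families(samples, threshold=0.6):
    """Group samples into families by transitive closure of the homologous relation."""
    parent = {name: name for name in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for name_p, name_q, _ in homologous_pairs(samples, threshold):
        parent[find(name_p)] = find(name_q)

    groups = {}
    for name in samples:
        groups.setdefault(find(name), []).append(name)
    return sorted(tuple(sorted(members)) for members in groups.values())


if __name__ == "__main__":
    for p, q, d in homologous_pairs(SAMPLES):
        print(f"{p} ~ {q}: homologous degree {d:.3f}")
    print("families:", families(SAMPLES))
```

With the constructed profiles, sample_B's eight behaviors are all present among sample_A's ten, giving a degree of 0.8, while sample_C shares a single behavior with either and scores below 0.1; at the assumed threshold of 0.6 only A and B are grouped. The threshold trades precision against recall exactly as the abstract's accuracy and recall figures suggest, so in practice it is chosen on labeled samples rather than fixed a priori.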
