Malware families typically evolve over a period of time. Differences between malware samples within a single family can originate from various code modifications designed to evade detection, or changes that are made to alter the functionality of the malware itself. Thus, malware samples from the same family from different time periods can exhibit significantly different behavior. In this research, we apply feature ranking—based on linear support vector machine (SVM) weights—to identify changes within malware families. We analyze numerous malware families over extended periods of time. Our goal is to demonstrate that we can detect evolutionary changes within malware families using an automated and quantifiable machine learning based technique.
- Feature analysis,
- malware evolution,
- Malware,
- Support vector machine
Available at: http://works.bepress.com/mark_stamp/121/