Skip to main content
Clustering versus SVM for malware detection
Journal of Computer Virology and Hacking Techniques (2016)
  • Mark Stamp, San Jose State University
  • Usha Narra, San Jose State University
  • Fabio Di Troia, Università degli Studi del Sannio
  • Visaggio A. Corrado, Università degli Studi del Sannio
  • Thomas H. Austin, San Jose State University
Previous work has shown that cluster analysis can be used to effectively classify malware into meaningful families. In this research, we apply cluster analysis to the challenging problem of classifying previously unknown malware. We perform several experiments involving malware clustering. We compare our clustering results to those obtained when a support vector machine (SVM) is trained on the malware family. Using clustering, we are able to classify malware with an accuracy comparable to that of an SVM. An advantage of the clustering approach is that a new malware family can be classified before a model has been trained specifically for the family.
Publication Date
November, 2016
Publisher Statement
SJSU Users: use the following link to login and access the article via SJSU databases.
Citation Information
Mark Stamp, Usha Narra, Fabio Di Troia, Visaggio A. Corrado, et al.. "Clustering versus SVM for malware detection" Journal of Computer Virology and Hacking Techniques Vol. 12 Iss. 4 (2016) p. 213 - 224 ISSN: 2274-2042
Available at: