Unveiling zeus automated classification of malware samples

Abedelaziz Mohaisen, Omar Alrawi

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

25 Citations (Scopus)

Abstract

Malware family classification is an age-old problem that many Anti-Virus (AV) companies have tackled. There are two common techniques used for classification: signature-based and behavior-based. Signature-based classification uses a common sequence of bytes that appears in the binary code to identify and detect a family of malware. Behavior-based classification uses artifacts created by malware during execution for identification. In this paper we report on a unique dataset we obtained from our operations and classified using several machine learning techniques using the behavior-based approach. The main class of malware we are interested in classifying is the popular Zeus malware. For its classification we identify 65 features that are unique and robust for identifying malware families. We show that artifacts like file system, registry, and network features can be used to identify distinct malware families with high accuracy, in some cases as high as 95%.

Original language: English
Title of host publication: WWW 2013 Companion - Proceedings of the 22nd International Conference on World Wide Web
Pages: 829-832
Number of pages: 4
Publication status: Published - 1 Dec 2013
Externally published: Yes
Event: 22nd International Conference on World Wide Web, WWW 2013 - Rio de Janeiro, Brazil
Duration: 13 May 2013 → 17 May 2013

Other

Other: 22nd International Conference on World Wide Web, WWW 2013
Country: Brazil
City: Rio de Janeiro
Period: 13/5/13 → 17/5/13

Fingerprint

Binary codes
Malware
Viruses
Learning systems
Industry

Keywords

  • Automatic analysis
  • Classification
  • Malware

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Mohaisen, A., & Alrawi, O. (2013). Unveiling zeus automated classification of malware samples. In WWW 2013 Companion - Proceedings of the 22nd International Conference on World Wide Web (pp. 829-832)

@inproceedings{2f7f2e9160584ca2837428bde4bb21e0,
title = "Unveiling zeus automated classification of malware samples",
keywords = "Automatic analysis, Classification, Malware",
author = "Abedelaziz Mohaisen and Omar Alrawi",
year = "2013",
month = "12",
day = "1",
language = "English",
isbn = "9781450320382",
pages = "829--832",
booktitle = "WWW 2013 Companion - Proceedings of the 22nd International Conference on World Wide Web",

}
