Variant: a malware similarity testing framework

Author: Xiaobo Zhou, Jason Upchurch
Year of publication: 2015
Subject:
Source: MALWARE
Description: This paper describes Variant, a testing framework for projects that attempt to locate variants of malware families through similarity testing. The framework is a series of tests and data standards for evaluating the recall and precision of tools that statically measure similarity in the implementation of compiled software, specifically tools that detect code reuse in compiled binaries in order to identify malware variants. The paper also provides a manually analyzed malware test dataset intended to serve as a gold standard for current and future work on malware variant detection. This set fills a real need for standardizing results across the many works that have, so far, been tested against datasets that are not reproducible, algorithmically derived, or both. The framework and dataset are used to test several malware detection approaches published in academic work or used in industry. Finally, the paper aligns the testing and reporting methods used in malware variant detection with those used in other statistical testing methods in industry and academia.
Database: OpenAIRE
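The evaluation the abstract describes, scoring a static similarity measure for recall and precision against a gold-standard family labelling, as an added worked example. This is illustration code written for this page, not the Variant framework, its tests or its dataset: the byte 4-gram Jaccard similarity is a crude stand-in for a real code-reuse measure, the threshold sweep is one reasonable way to report such a tool, and the sample corpus and family labels are constructed here, not taken from the paper.

```python
from itertools import combinations
from typing import Callable, Dict, List, Tuple

# Constructed stand-in for a manually labelled dataset: sample name -> (bytes, family).
# Families A and B share a "reused" code fragment inside each family only.
# The Variant dataset is real, manually analysed malware; this is not it.
GOLD = {
    "a1": (b"push ebp;mov ebp,esp;sub esp,40;call unpack;xor eax,eax;leave;ret", "A"),
    "a2": (b"push ebp;mov ebp,esp;sub esp,48;call unpack;xor eax,eax;leave;ret", "A"),
    "b1": (b"mov edi,edi;push ebp;call rc4_init;call rc4_crypt;pop ebp;ret", "B"),
    "b2": (b"mov edi,edi;push ebp;call rc4_init;call rc4_crypt;nop;pop ebp;ret", "B"),
    "c1": (b"sub rsp,28;lea rcx,[rip+100];call printf;add rsp,28;ret", "C"),
}


def ngrams(data: bytes, n: int = 4) -> set:
    """Set of byte n-grams; a deliberately simple static feature (assumption)."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of the two samples' n-gram sets, in [0, 1]."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    if not ga and not gb:
        return 1.0
    return len(ga & gb) / len(ga | gb)


def pairwise_scores(samples: Dict[str, bytes],
                    sim: Callable[[bytes, bytes], float] = jaccard
                    ) -> Dict[Tuple[str, str], float]:
    """Score every unordered pair once; keys are sorted so lookups are stable."""
    return {(x, y): sim(samples[x], samples[y]) for x, y in combinations(sorted(samples), 2)}


def evaluate(scores: Dict[Tuple[str, str], float],
             families: Dict[str, str], threshold: float) -> Dict[str, float]:
    """Pairwise precision/recall: a pair is a predicted variant pair if its score
    reaches the threshold, and a true variant pair if the gold labels agree."""
    tp = fp = fn = tn = 0
    for (x, y), score in scores.items():
        predicted = score >= threshold
        actual = families[x] == families[y]
        if predicted and actual:
            tp += 1
        elif predicted:
            fp += 1
        elif actual:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"threshold": threshold, "tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": precision, "recall": recall, "f1": f1}


def sweep(scores: Dict[Tuple[str, str], float], families: Dict[str, str],
          steps: int = 20) -> List[Dict[str, float]]:
    """Evaluate at evenly spaced thresholds so a tool is reported as a curve,
    not as one cherry-picked operating point."""
    return [evaluate(scores, families, t / steps) for t in range(steps + 1)]


def best_f1(scores: Dict[Tuple[str, str], float], families: Dict[str, str]) -> Dict[str, float]:
    """Operating point with the highest F1 on the gold standard."""
    return max(sweep(scores, families), key=lambda r: r["f1"])


if __name__ == "__main__":
    samples = {name: data for name, (data, _) in GOLD.items()}
    families = {name: fam for name, (_, fam) in GOLD.items()}
    scores = pairwise_scores(samples)
    for row in sweep(scores, families, steps=10):
        print(f"thr={row['threshold']:.2f} P={row['precision']:.2f} "
              f"R={row['recall']:.2f} F1={row['f1']:.2f}")
    print("best:", best_f1(scores, families))
```

The point of separating `evaluate` from the similarity function is that the same gold standard and the same reporting code can be reused across tools: swap `jaccard` for any scorer that maps two binaries to a number and the precision/recall numbers remain comparable, which is the standardization the abstract argues for.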