Malpedia: A Collaborative Effort to Inventorize the Malware Landscape

Author: Plohmann, Daniel, Clauß, Martin, Enders, Steffen, Padilla, Elmar
Language: English
Year of publication: 2017
Subject:
DOI: 10.18464/cybin.v3i1.17
Description: For more than a decade now, a perpetual influx of new malware samples can be observed. To analyze this flood effectively, static analysis is still one of the most important methods. Thus, it would be highly desirable to have an open, freely accessible, curated, and cleanly labeled corpus of unpacked malware samples for research on static analysis methods. In this paper, we introduce MALPEDIA, a collaboration platform for curating a malware corpus. Additionally, we provide a baseline for a cleanly labeled malware corpus consisting of 607 families divided into 1792 samples. This corpus offers a plethora of possibilities for researchers, including using it as a testbed for evaluations of detection and analysis methods, quality assurance for classification, and contextualization of new malware. To ensure the quality of our corpus, we adapt the requirements by Rossow et al., derive specific requirements for the context of static malware analysis, and evaluate our corpus against them. Based on our corpus, we show that looking beyond packers dramatically reduces the size needed for a corpus to be representative, as the number of distinct malware families and versions after unpacking is orders of magnitude smaller than the number of unique packed samples. Additionally, we perform a comprehensive study of the Windows malware in the corpus, scrutinizing its structural features. This analysis clearly illustrates that MALPEDIA offers a wealth of information, readily available for in-depth investigations.
The Journal on Cybercrime & Digital Investigations, Vol 3 No 1 (2017): Botconf 2017
Database: OpenAIRE