Abstract: Research on detecting malware variants has attracted
much attention in recent years. However, current variant
classification methods are either hampered by confusion
(obfuscation) techniques or have high time or space complexity.
In this paper, we propose a classification technique that uses
dynamic analysis based on behavior profiles. We capture API calls
and other essential information from running malware, then build
a multilayer dependency chain according to the dependency
relationships among these function calls. To deal with confusion,
we remove sequence confusion, sequence noise, and other
confusions to optimize the multilayer dependency chain.
Finally, a similarity comparison algorithm is used to measure the
degree of similarity between malware variants. The
experimental results demonstrate that our classification
technique is feasible and effective.
Keywords: Malware, variants, dependency chain.
The authors are with the State Key Laboratory of Mathematical
Engineering and Advanced Computing, Zhengzhou 450002, China (e-mail:
Cite: Guanghui Liang, Jianmin Pang, and Chao Dai, "A Behavior-Based Malware Variant Classification Technique," International Journal of Information and Education Technology vol. 6, no. 4, pp. 291-295, 2016.