Analysis of malware behaviour: using data mining clustering techniques to support forensics investigation

Edem Inang Edem, Chafika Benzaid, Ameer Al-Nemrat, Paul Watters

Research output: Chapter in Book/Report/Conference proceeding; Conference proceeding contribution; peer-review

12 Citations (Scopus)

Abstract

The proliferation of malware in recent times has accounted for the increase in computer crimes and prompted more aggressive research into improved investigative strategies to keep up with the menace. Keeping the techniques and tools developed for investigation abreast of malware authors, who have resorted to evasive techniques to avoid analysis during investigation, is an ongoing concern. Exploring dynamic analysis is unarguably a positive step towards supporting static evidence with logs of malware's dynamic behaviour. However, analysing the huge reports this generates raises concerns about speed, accuracy and performance. This research proposes an Automated Malware Investigative Framework Model, a component-based approach designed to support investigation by integrating both malware analysis and data mining clustering techniques as part of an effort to solve the problem of excessively large generated reports: analysed suspicious samples that exhibit similar behavioural features are grouped together to make investigation easier and more intuitive. The focus of this paper, however, is on implementing the sub-components of the framework that deal directly with the problem at hand.

Original language: English
Title of host publication: Proceedings - 5th Cybercrime and Trustworthy Computing Conference, CTC 2014
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 54-63
Number of pages: 10
ISBN (Electronic): 9781479988259
DOIs
Publication status: Published - 2015
Externally published: Yes
Event: 5th Cybercrime and Trustworthy Computing Conference, CTC 2014 - Auckland, New Zealand
Duration: 24 Nov 2014 to 25 Nov 2014

Other

Other: 5th Cybercrime and Trustworthy Computing Conference, CTC 2014
Country/Territory: New Zealand
City: Auckland
Period: 24/11/14 to 25/11/14

Keywords

  • Clustering techniques
  • Data mining
  • Digital forensics
  • Malware behaviour
