### Homology analysis of malicious code and family clustering

QIAN Yucun, PENG Guojun, WANG Ying, LIANG Yu

1. School of Computer, Wuhan University, Wuhan 430072, China
Online: 2015-09-15; Published: 2015-10-13

### Homology analysis of malicious code and family clustering (Chinese title: 恶意代码同源性分析及家族聚类)

1. School of Computer, Wuhan University, Wuhan 430072

Abstract: Malicious code is growing explosively, and many of the malicious samples are variants of previously encountered samples. This paper presents a novel approach to investigating the homology of malicious code based on behavior characteristics. To distinguish variants of malicious code, it studies the malicious behavior of malware, then computes the similarity of the behavior characteristics and of the call graphs extracted by disassembly tools. It employs the DBSCAN clustering algorithm to discover malicious code families. Experiments show that the approach effectively investigates the homology of malicious code and clusters variants into different malicious code families.
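The abstract describes a pipeline of three steps: a similarity score over behavior characteristics, a similarity score over call graphs, and DBSCAN over the resulting distances. The following added example (written for this page, not code from the paper or its authors) shows that pipeline end to end on constructed toy data: each sample carries a set of behavior tags and a set of caller-to-callee edges, both similarities are Jaccard indices, the two are combined into a single distance, and a small DBSCAN implementation groups samples into families and flags singletons as noise. The sample names, behavior tags, edge sets, the 0.5/0.5 weighting and the `eps`/`min_pts` values are all assumptions chosen for illustration; the paper's actual feature extraction and thresholds are not given in the abstract.

```python
from typing import Callable, Dict, Hashable, List, Set, Tuple

# Constructed toy data (not from the paper). Each sample has a behaviour-feature
# set (as a sandbox or behaviour monitor might record) and a call graph, i.e. a
# set of caller->callee edges as a disassembler would extract. Samples a1..a3
# and b1..b2 are meant to be two families; c1 is an unrelated sample.
BEHAVIORS: Dict[str, Set[str]] = {
    "a1": {"reg:run_key", "net:connect:443", "proc:inject_remote_thread", "file:drop:%TEMP%"},
    "a2": {"reg:run_key", "net:connect:443", "proc:inject_remote_thread", "file:drop:%TEMP%",
           "anti:sleep_check"},
    "a3": {"reg:run_key", "net:connect:8080", "proc:inject_remote_thread", "file:drop:%TEMP%"},
    "b1": {"file:enumerate_docs", "crypto:aes_init", "file:overwrite", "net:dns:txt"},
    "b2": {"file:enumerate_docs", "crypto:aes_init", "file:overwrite", "net:dns:txt",
           "shadow:delete"},
    "c1": {"net:connect:6667", "irc:join", "proc:kill_av"},
}
CALL_GRAPHS: Dict[str, Set[Tuple[str, str]]] = {
    "a1": {("main", "init"), ("init", "persist"), ("persist", "RegSetValueExA"),
           ("main", "beacon"), ("beacon", "connect")},
    "a2": {("main", "init"), ("init", "persist"), ("persist", "RegSetValueExA"),
           ("main", "beacon"), ("beacon", "connect"), ("init", "sleep_check")},
    "a3": {("main", "init"), ("init", "persist"), ("persist", "RegSetValueExA"),
           ("main", "beacon"), ("beacon", "connect")},
    "b1": {("main", "walk_dirs"), ("walk_dirs", "encrypt_file"),
           ("encrypt_file", "CryptEncrypt"), ("main", "send_key")},
    "b2": {("main", "walk_dirs"), ("walk_dirs", "encrypt_file"),
           ("encrypt_file", "CryptEncrypt"), ("main", "send_key"), ("main", "vssadmin")},
    "c1": {("main", "irc_connect"), ("irc_connect", "connect"), ("main", "kill_av")},
}


def jaccard(a: Set[Hashable], b: Set[Hashable]) -> float:
    """Jaccard similarity |a & b| / |a | b|; two empty sets count as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def sample_distance(x: str, y: str, behaviors: Dict[str, Set[str]],
                    graphs: Dict[str, Set[Tuple[str, str]]], w_behavior: float = 0.5) -> float:
    """Distance in [0, 1]: 1 minus the weighted mean of behaviour similarity
    and call-graph edge similarity (weighting is an assumption of this example)."""
    sim = (w_behavior * jaccard(behaviors[x], behaviors[y])
           + (1.0 - w_behavior) * jaccard(graphs[x], graphs[y]))
    return 1.0 - sim


def dbscan(names: List[str], dist: Callable[[str, str], float],
           eps: float, min_pts: int) -> Dict[str, int]:
    """Plain DBSCAN over a distance function. Returns name -> cluster id,
    with -1 for noise (samples with no family in the corpus)."""
    labels: Dict[str, int] = {}
    def region(n: str) -> List[str]:
        return [m for m in names if dist(n, m) <= eps]  # includes n itself
    cluster = 0
    for n in names:
        if n in labels:
            continue
        neigh = region(n)
        if len(neigh) < min_pts:
            labels[n] = -1          # provisionally noise; may become a border point
            continue
        labels[n] = cluster         # n is a core point: start a new family
        seeds = [m for m in neigh if m != n]
        while seeds:
            m = seeds.pop()
            if labels.get(m) == -1:
                labels[m] = cluster  # noise reached from a core point is a border point
                continue
            if m in labels:
                continue
            labels[m] = cluster
            m_neigh = region(m)
            if len(m_neigh) >= min_pts:      # m is also core: keep expanding
                seeds.extend(k for k in m_neigh if k not in labels or labels[k] == -1)
        cluster += 1
    return labels


def cluster_families(behaviors: Dict[str, Set[str]], graphs: Dict[str, Set[Tuple[str, str]]],
                     eps: float = 0.35, min_pts: int = 2,
                     w_behavior: float = 0.5) -> Dict[int, List[str]]:
    """Group samples into families; key -1 holds samples that matched nothing."""
    names = sorted(behaviors)
    labels = dbscan(names, lambda x, y: sample_distance(x, y, behaviors, graphs, w_behavior),
                    eps, min_pts)
    families: Dict[int, List[str]] = {}
    for n in names:
        families.setdefault(labels[n], []).append(n)
    return families


if __name__ == "__main__":
    for label, members in sorted(cluster_families(BEHAVIORS, CALL_GRAPHS).items()):
        print("noise" if label == -1 else f"family {label}", members)
```

With the toy data, a1..a3 fall into one family and b1..b2 into another, while c1 is left as noise because no other sample lies within `eps` of it. Using a combined distance matters in practice: a3 differs from a1 in its network behavior but has an identical call graph, so the code-structure signal keeps it in the family, whereas a pure behavior match would be weaker. The `eps` and `min_pts` values here are tuned to the toy corpus and would need to be chosen per feature set on real data.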