Graph, entropy and grid computing: automatic comparison of malware

Ismael Briones Vilar PandaLabs

Nowadays AV laboratories are saturated with huge collections of malware which are received daily. It's a fact that the industry needs better methods to automatically identify, analyse and classify these amounts of samples. AV laboratories cannot continue working as they did years ago (or even months ago).

In this paper we will explain an automated classification system to identify files with similar internal structures. We will use graph theory as a way to identify similar functions between malware samples. This system helps to minimize human error and false positive detection

Previous research with graph theory has proven to be useful in finding similarities between malware variants, however these systems don't have good performance. To solve the performance problem we will discuss some methods that can be used for this purpose: an algorithm, based in entropy and custom checksum, (in order to group similar files) and a grid computing system.

VB Conferences

VB2011 (Barcelona)

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘VB is the best technical conference I have ever attended.’

Poll

Do you use the same password(s) across multiple websites?

Leave a comment
View 4 comments

Virus Bulletin

In this month's magazine:

Social networking meets social engineering
Flying solo
Geneva convention
7th German Anti Spam Summit 2009
Anti-phishing landing page: turning a 404 into a teachable moment
An update on spamming botnets: are we losing the war?
Windows Server 2008 Standard Edition SP2 x86

Subscribe now!

Virus Bulletin currently has 190,961 registered users.

Fighting malware and spam