Parameter Tuning and Confidence Limits of Malware Clustering
Houtan Faridi, Srivathsan Srinivasagopalan, Rakesh M. Verma
Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, published 2019-03-13
DOI: https://doi.org/10.1145/3292006.3302385
Citations: 3
Abstract
The growing number of new malware and the sophisticated obfuscation techniques used by malware authors are causing major problems in identifying, managing, and releasing anti-malware products to the consumers. Clustering malware variants based on their behavior has the potential to ease this problem of scale and conveniently lend itself to better, faster, and efficient prioritization of malware analysis. In this paper, we cluster real-world malware and expand on commonly used algorithms through fine-grained testing. Results of top-performing algorithms are discussed.