Authors: Hong-Koo Kang, Seung-Goo Ji and Hyun-Cheol Jeong
Malware variants have recently been increasing sharply, and malware groups consisting of one or more pieces of malware are spreading quickly. To cope effectively with malware groups and variants, a system is needed that manages them and shares information about them with anti-virus companies. This paper proposes a system for efficiently managing and sharing information on malware groups and variants, based on analysis of large volumes of malware data. Malware group data is generated by linking malware data on the basis of malware behaviors, and malware variant data is generated from the similarity between pieces of malware, based on CFG analysis. Because the proposed system makes it easy to search for and share malware group and variant data, it can be readily linked to various malware response systems.
Keywords: malware; variant; groups; management system