An Empirical Study of Malware Evolution
Source: University of Wisconsin-Madison
The diversity, sophistication and availability of malicious software (malcode/malware) pose enormous challenges for securing networks and end hosts from attacks. This paper analyzes a large corpus of malcode metadata compiled over a period of 19 years. The aim is to understand how malcode has evolved over the years, and in particular, how different instances of malcode relate to one another. The paper develops a novel graph pruning technique to establish the inheritance relationships between different instances of malcode based on temporal information and key common phrases identified in the malcode descriptions. The algorithm enables a range of possible inheritance structures. The paper studies the resulting "Likely" malcode families, which the author identifies through extensive manual investigation.