Clustering of Malicious Executable Files Based on the Sequence Analysis of System Calls
- Authors: Ognev R.A.1, Zhukovskii E.V.1, Zegzhda D.P.1
-
Affiliations:
- Peter the Great St. Petersburg Polytechnic University (SPbPU)
- Issue: Vol 53, No 8 (2019)
- Pages: 1045-1055
- Section: Article
- URL: https://journals.rcsi.science/0146-4116/article/view/176009
- DOI: https://doi.org/10.3103/S0146411619080212
- ID: 176009
Cite item
Abstract
The use of clustering algorithms to determine the types of malicious software files based on the analysis of the WinAPI function call sequences is investigated. The use of clustering algorithms such as k-means, EM-algorithm, hierarchical algorithm, and the affinity propagation method is considered. The quality of clustering is evaluated using the silhouette metrics, the Calinski–Harabasz index, and the Davies–Bouldin index.
About the authors
R. A. Ognev
Peter the Great St. Petersburg Polytechnic University (SPbPU)
Email: dmitry@ibks.spbstu.ru
Russian Federation, St. Petersburg, 195251
E. V. Zhukovskii
Peter the Great St. Petersburg Polytechnic University (SPbPU)
Author for correspondence.
Email: spbzhuk@gmail.com
Russian Federation, St. Petersburg, 195251
D. P. Zegzhda
Peter the Great St. Petersburg Polytechnic University (SPbPU)
Author for correspondence.
Email: dmitry@ibks.spbstu.ru
Russian Federation, St. Petersburg, 195251