MS Researchers Tackle Automated Malware Classification

By Ryan Naraine  |  Posted 2006-05-11

Microsoft's anti-malware engineering team is proposing the use of distance measures and machine learning techniques to come up with an automated way to classify virus families.

Researchers from Microsoft's anti-malware engineering team are working on an automated way to sort through the thousands of malware families and variants attacking Windows computers.

The company unveiled its plans at the EICAR (European Institute for Computer Anti-Virus Research) conference in Hamburg, Germany, proposing the use of distance measures and machine learning technologies to automatically classify viruses, Trojans, spyware, rootkits and other malicious software programs.

A research paper presented by Microsoft's lead anti-virus researcher, Tony Lee, described the existing process of manual human malware analysis as "inefficient and inadequate" and suggested an ambitious method that combines runtime behavior analysis, static binary analysis and adaptable algorithms to automate classification.
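The distance-based approach the article describes, as an added illustration that is not Microsoft's code or the paper's method: sandbox behaviour traces are compared by normalised edit distance and a new sample is assigned to the nearest known family, while a sample far from every family is surfaced as unknown for human analysis instead of being mislabelled. The event names, traces, family labels and threshold below are constructed assumptions.

```python
# Constructed behaviour traces: each sample is the ordered list of high-level
# events observed in a sandbox run. Names are hypothetical, not real IoCs.
SAMPLES = {
    "fam_a_v1": ["create_mutex", "write_run_key", "connect_irc", "download_file", "exec_file"],
    "fam_a_v2": ["create_mutex", "write_run_key", "connect_irc", "download_file", "exec_file", "kill_av"],
    "fam_b_v1": ["drop_dll", "inject_explorer", "hook_keyboard", "post_http"],
    "fam_b_v2": ["drop_dll", "inject_explorer", "hook_keyboard", "post_http", "delete_self"],
}


def edit_distance(a, b):
    """Levenshtein distance between two event sequences (order matters)."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete x
                           cur[j - 1] + 1,         # insert y
                           prev[j - 1] + (x != y)))  # substitute
        prev = cur
    return prev[-1]


def normalized_distance(a, b):
    """Scale the distance to [0, 1] so short and long traces are comparable."""
    longest = max(len(a), len(b))
    return edit_distance(a, b) / longest if longest else 0.0


def build_families(labelled):
    """Group labelled samples by family name (prefix before the variant suffix)."""
    families = {}
    for name, trace in labelled.items():
        families.setdefault(name.rsplit("_", 1)[0], []).append(trace)
    return families


def classify(trace, families, threshold=0.5):
    """Return (family, distance) for the family whose nearest member is closest.

    If no known family is within the threshold, return ('unknown', distance):
    a genuinely new family is flagged for an analyst rather than forced into
    the closest existing label. The threshold is an assumed tuning value.
    """
    best_family, best_dist = "unknown", 1.0
    for family, members in families.items():
        d = min(normalized_distance(trace, m) for m in members)
        if d < best_dist:
            best_family, best_dist = family, d
    if best_dist > threshold:
        return "unknown", best_dist
    return best_family, best_dist
```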

"In recent years, the number of malware families/variants has exploded dramatically … Virus [and] spyware writers continue to create a large number of new families and variants at an increasingly fast rate," Lee said, arguing that automatic malware classification has become an important research area.

He said Microsoft's attempts to automate static file analysis present "considerable challenges" because of the way malware families evolve.

Lee, a graduate of the University of California at Berkeley, said the dramatic rise in malware prevalence in recent years has forced the anti-virus industry to change the way threats are detected, analyzed, classified, described and eventually removed.

"[We believe] that an effective classification method can serve better detection, cleaning and analysis solutions," Lee added.

In a white paper co-written with Microsoft program manager Jigar Mody, Lee said the automated process would get around the traditional way in which new malware samples are sorted.

Read the full story on eWEEK.com: MS Researchers Tackle Automated Malware Classification
