Title | Clustering Analysis of Email Malware Campaigns |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Zhang, Ruichao; Wang, Shang; Burton, Renee; Hoang, Minh; Hu, Juhua; Nascimento, Anderson C A |
Conference Name | 2021 IEEE International Conference on Cyber Security and Resilience (CSR) |
Date Published | July |
Keywords | clustering analysis, data mining, Dynamic scheduling, email campaigns, feature extraction, Human Behavior, Labeling, Malware, malware analysis, malware feature extraction, Malware labeling, Metrics, privacy, pubcrawl, resilience, Resiliency, Task Analysis, Tools |
Abstract | The task of malware labeling on real datasets faces huge challenges--ever-changing datasets and lack of ground-truth labels--owing to the rapid growth of malware. Clustering malware on their respective families is a well-known tool used for improving the efficiency of the malware labeling process. In this paper, we addressed the challenge of clustering email malware, and carried out a cluster analysis on a real dataset collected from email campaigns over a 13-month period. Our main original contribution is to analyze the usefulness of email's header information for malware clustering (a novel approach proposed by Burton [1]), and compare it with features collected from the malware directly. We compare clustering based on email header's information with traditional features extracted from varied resources provided by VirusTotal [2], including static and dynamic analysis. We show that email header information has an excellent performance. |
DOI | 10.1109/CSR51186.2021.9527902 |
Citation Key | zhang_clustering_2021 |