Clustering Analysis of Email Malware Campaigns

Title: Clustering Analysis of Email Malware Campaigns
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Zhang, Ruichao; Wang, Shang; Burton, Renee; Hoang, Minh; Hu, Juhua; Nascimento, Anderson C. A.
Conference Name: 2021 IEEE International Conference on Cyber Security and Resilience (CSR)
Date Published: jul
Keywords: clustering analysis, data mining, Dynamic scheduling, email campaigns, feature extraction, Human Behavior, Labeling, Malware, malware analysis, malware feature extraction, Malware labeling, Metrics, privacy, pubcrawl, resilience, Resiliency, Task Analysis, Tools
Abstract: The task of malware labeling on real datasets faces huge challenges (ever-changing datasets and a lack of ground-truth labels) owing to the rapid growth of malware. Clustering malware into their respective families is a well-known tool for improving the efficiency of the malware labeling process. In this paper, we address the challenge of clustering email malware and carry out a cluster analysis on a real dataset collected from email campaigns over a 13-month period. Our main original contribution is to analyze the usefulness of email header information for malware clustering (a novel approach proposed by Burton [1]) and compare it with features collected from the malware directly. We compare clustering based on email header information with traditional features extracted from the varied resources provided by VirusTotal [2], including static and dynamic analysis. We show that email header information has excellent performance.
DOI: 10.1109/CSR51186.2021.9527902
Citation Key: zhang_clustering_2021