Evolutionary algorithms for classification of malware families through different network behaviors

The staggering increase of malware families and their di- versity poses a significant threat and creates a compelling need for automatic classification techniques. In this paper, we first analyze the role of network behavior as a pow- erful technique to automatically classify malware families and their polymorphic variants. Afterwards, we present a framework to efficiently classify malware families by mod- eling their different network behaviors (such as HTTP, SMTP, UDP, and TCP). We propose protocol-aware and state-space modeling schemes to extract features from malware network behaviors. We analyze the applicability of various evolu- tionary and non-evolutionary algorithms for our malware family classification framework. To evaluate our framework, we collected a real-world dataset of 6, 000 unique and active malware samples belonging to 20 different malware fami- lies. We provide a detailed analysis of network behaviors exhibited by these prevalent malware families. The results of our experiments shows that evolutionary algorithms, like sUpervised Classifier System (UCS), can effectively classify malware families through different network behaviors in real- time. To the best of our knowledge, the current work is the first malware classification framework based on evolutionary classifier that uses different network behaviors.status: publishe