Automatic clustering of malware variants

2016 IEEE Conference on Intelligence and Security Informatics (ISI) (2016)

Abstract
The emergence of malware creation tools in recent years has facilitated the creation of new variations of existing malware instances. Typically, anti-virus companies process new malware instances manually to determine their maliciousness and generate their signatures. However, with the overwhelming number of new malware variants that are created automatically to evade pattern-based detection, manual analysis is becoming a bottleneck that hinders the process of responding to new threats. This paper proposes a novel method to automatically cluster malware variants into malware families based on the structured control flow graphs of the malware instances. Our final results demonstrate high effectiveness in clustering malware variants, in terms of both accuracy (94% on average) and speed.
Keywords
malware variant automatic clustering, malware creation tools, antivirus companies, malware instances, maliciousness determination, signature generation, pattern based detection, malware families, structured control flow graphs