Automated Lineage Inference among Malware Families

To effectively expand illegal proceeds, current malware has exhibited a trend of modular derivation, resulting in a continuous reduction in the time cycle from design to completion of a new family. The rapid evolution of malware families makes lineage analysis urgent for security practitioners. However, the techniques are still in the exploratory stage; their applicability is limited due to the lack of automated methods. As time passes and malware evolves, the insights gained from such methods will become less applicable to new situations, and their reference value will be greatly reduced. In this paper, we propose an automated approach to analyzing the lineage relationship among malware families and apply our approach to a Windows malware dataset of more than 57,000 samples. The experimental results prove that our approach can effectively extract the core functions of samples and reasonably infer the association relationship among different families.