
Detecting malware communities using socio-cultural cognitive mapping

  • S.I.: SBP-BRiMS 2019
Computational and Mathematical Organization Theory

Abstract

We apply a variation of socio-cultural cognitive mapping (SCM) to the computer malware features explored previously by Saxe and Berlin, who characterized malware binaries as benign or malicious using 1024 program features derived from a deep neural network-based detection system. In this work, we model those features as attributes within a latent spatial domain, using a weighted consensus graph representation to visualize and analyze the communities of malware binaries. The data used in our analysis are extracted from a Remote Access Trojan family named Sakula, which first appeared in 2012 and has been used to let an adversary run interactive commands and execute remote program functions. Our results show that SCM identifies distinct malware communities within the family, revealing the overall structure of the various binaries as well as possible temporal relationships between them.
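The abstract describes building a weighted consensus graph over per-binary feature vectors and then reading off communities. The following is an added illustration, not code from the paper or its authors: it assumes one reading of "consensus graph" (a k-NN graph per distance metric, with edge weight equal to the fraction of metrics that agree on the edge, in the spirit of the cited Premachandran and Kakarala consensus-of-k-NNs idea), uses connected components over majority-consensus edges in place of the Louvain method the paper cites, and runs on six constructed, fictitious feature vectors rather than real Sakula samples. The metric list, `k`, and the majority threshold are assumed parameters.

```python
"""Toy weighted consensus k-NN graph plus community detection.

Added illustration; not the paper's code. The six feature vectors below
are constructed (fictitious binaries, four normalized feature scores each),
and the pipeline is an assumed reading of "weighted consensus graph":
one k-NN graph per distance metric, edge weight = fraction of metrics
that contain the edge, communities = connected components over edges
with at least majority consensus.
"""
import math

# Constructed sample: rows are binaries, columns are normalized feature scores.
# Rows 0-2 and rows 3-5 are deliberately built as two separate groups.
SAMPLES = [
    [1.0, 0.9, 0.1, 0.0],
    [0.9, 1.0, 0.0, 0.1],
    [1.0, 1.0, 0.1, 0.1],
    [0.0, 0.1, 1.0, 0.9],
    [0.1, 0.0, 0.9, 1.0],
    [0.0, 0.0, 1.0, 1.0],
]


def euclidean(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def manhattan(a, b):
    return sum(abs(x - y) for x, y in zip(a, b))


def cosine_distance(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    if na == 0 or nb == 0:
        return 1.0  # treat an all-zero vector as maximally distant
    return 1.0 - dot / (na * nb)


# Assumed metric set; each one votes on which edges belong in the graph.
METRICS = [euclidean, manhattan, cosine_distance]


def knn_edges(vectors, k, metric):
    """Undirected edge set of the k-NN graph under a single metric."""
    edges = set()
    for i, v in enumerate(vectors):
        dists = sorted((metric(v, w), j) for j, w in enumerate(vectors) if j != i)
        for _, j in dists[:k]:
            edges.add((min(i, j), max(i, j)))  # store each edge once
    return edges


def consensus_graph(vectors, k=2, metrics=METRICS):
    """Weighted edges: weight = fraction of metrics whose k-NN graph has the edge."""
    counts = {}
    for metric in metrics:
        for e in knn_edges(vectors, k, metric):
            counts[e] = counts.get(e, 0) + 1
    return {e: c / len(metrics) for e, c in counts.items()}


def communities(vectors, k=2, min_weight=0.5):
    """Communities as connected components over majority-consensus edges."""
    graph = consensus_graph(vectors, k)
    adj = {i: set() for i in range(len(vectors))}
    for (i, j), w in graph.items():
        if w >= min_weight:
            adj[i].add(j)
            adj[j].add(i)
    seen, result = set(), []
    for start in range(len(vectors)):
        if start in seen:
            continue
        stack, comp = [start], set()
        while stack:  # iterative depth-first traversal
            n = stack.pop()
            if n in comp:
                continue
            comp.add(n)
            stack.extend(adj[n] - comp)
        seen |= comp
        result.append(frozenset(comp))
    return result


if __name__ == "__main__":
    for e, w in sorted(consensus_graph(SAMPLES).items()):
        print(f"edge {e}: consensus weight {w:.2f}")
    for idx, c in enumerate(communities(SAMPLES)):
        print(f"community {idx}: binaries {sorted(c)}")
```

On the constructed input every metric agrees, so all surviving edges carry weight 1.0 and the two planted groups come out as two communities; on real feature vectors the interesting part is the edges with fractional weight, which is where the consensus threshold decides whether two binaries are treated as related.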


References

  • Blondel VD, Guillaume J-L, Lambiotte R, Lefebvre E (2008) Fast unfolding of communities in large networks. J Stat Mech 2008:10008

  • Dell SecureWorks Counter Threat Unit (2015) Sakula malware family. SecureWorks. https://www.secureworks.com/research/sakula-malware-family. Accessed Apr 2019

  • Kornblum J (2006) Identifying almost identical files using context triggered piecewise hashing. The Digital Forensic Research Conference 3:91–97

  • Lindner G, Staudt CL, Hamann M, Meyerhenke H, Wagner D (2015) Structure-preserving sparsification of social networks. CoRR abs/1505.00564

  • McCulloh I, Johnson A (2013) Social network analysis with applications. Wiley, Hoboken

  • Morgan GP, Levine J, Carley KM (2017) Socio-cultural cognitive mapping. In: Social, cultural, and behavioral modeling. Springer, Berlin, pp 71–76

  • Premachandran V, Kakarala R (2013) Consensus of k-NNs for robust neighborhood selection on graph-based manifolds. In: 2013 IEEE conference on computer vision and pattern recognition

  • Qiao L, Zhang L, Chen S, Shen D (2018) Data-driven graph construction and graph learning: a review. Neurocomputing 312:336–351

  • Satuluri V, Parthasarathy S, Ruan Y (2011) Local graph sparsification for scalable clustering. In: Proceedings of the 2011 ACM SIGMOD international conference on management of data, New York, NY, USA

  • Saxe J, Berlin K (2015) Deep neural network based malware detection using two dimensional binary program features. In: 10th international conference on malicious and unwanted software (MALWARE)

  • VirusTotal (2019) https://www.virustotal.com. Accessed July 2019

  • Ye Y, Li T, Adjeroh D, Iyengar SS (2017) A survey on malware detection using data mining techniques. ACM Comput Surv 50(3):41:1–41:40


Funding

Funding was provided by the Office of Naval Research (Grant No. N00014-18-1-2111) and the National Science Foundation (Grant No. DGE 1745016).

Author information

Corresponding author

Correspondence to Iain Cruickshank.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.


About this article


Cite this article

Cruickshank, I., Johnson, A., Davison, T. et al. Detecting malware communities using socio-cultural cognitive mapping. Comput Math Organ Theory 26, 307–319 (2020). https://doi.org/10.1007/s10588-019-09300-w


  • DOI: https://doi.org/10.1007/s10588-019-09300-w