Exploring timeline-based Malware classification

Research output: Book chapter/Published conference paperChapter (peer-reviewed)peer-review

2 Citations (Scopus)
6 Downloads (Pure)


Over the decades or so, Anti-Malware (AM) communities have been faced with a substantial increase in malware activity, including the development of ever-more-sophisticated methods of evading detection. Researchers have argued that an AM strategy which is successful in a given time period cannot work at a much later date due to the changes in malware design. Despite this argument, in this paper, we convincingly demonstrate a malware detection approach, which retains high accuracy over an extended time period. To the best of our knowledge, this work is the first to examine malware executables collected over a span of 10 years. By combining both static and dynamic features of malware and cleanware, and accumulating these features over intervals in the 10-year period in our test, we construct a high accuracy malware detection method which retains almost steady accuracy over the period. While the trend is a slight down, our results strongly support the hypothesis that perhaps it is possible to develop a malware detection strategy that can work well enough into the future.
Original languageEnglish
Title of host publicationSecurity and privacy protection in information processing systems
Subtitle of host publication28th IFIP TC 11 International Conference, SEC 2013, Auckland, New Zealand, July 8-10, 2013. Proceedings
EditorsLech J Janczewski, Henry B Wolfe, Sujeet Shenoi
Place of PublicationGermany
Number of pages13
ISBN (Electronic)9783642392184
ISBN (Print)9783642392177
Publication statusPublished - 2013

Publication series

NameIFIP advances in information and communication technology


Dive into the research topics of 'Exploring timeline-based Malware classification'. Together they form a unique fingerprint.

Cite this