A Malware Classification Method Based on Generic Malware Information

Since attackers easily have been making malware using dedicated malware generation tools, the number of malware is increasing rapidly. However, it is hard to analyze all malwares because of rise in high-volume of malwares. For this reason, many researchers have proposed the malware classification methods for classifying new and wellknown types of malwares in order to focus on analyzing new malwares. The existing methods mostly try to find out good features which are used as a criterion of calculating a similarity between malwares for improving a classification accuracy. So, these methods extract the features including malicious behavior information by performing static and dynamic analysis, but analyzing many malwares itself spends too much time and efforts. In this paper, we propose a malware classification method for finding new types from large scale malwares using generic malware information. Proposed method can be used for a pre-step so as to help the existing methods reduce the spending time in analysis and classification for malwares. It improve the classificaion accuracy of malwares by using an imphash and proved a classification accuracy based on the imphash is more than 99% while maintaining a low false positive rate.