Theses and Dissertations

ORCID

https://orcid.org/0000-0002-9760-3750

Issuing Body

Mississippi State University

Advisor

Rahimi, Shahram

Committee Member

Hamilton, John

Committee Member

Bethel, Cindy L.

Committee Member

Torri, Stephen

Date of Degree

12-8-2023

Original embargo terms

Campus Access Only 2 Years

Document Type

Dissertation - Campus Access Only

Major

Computer Science

Degree Name

Doctor of Philosophy (Ph.D.)

College

James Worth Bagley College of Engineering

Department

Department of Computer Science and Engineering

Abstract

Malware is the source of, or a catalyst for, many of the attacks on our cyberspace. Malware analysts and other cybersecurity professionals are responsible for responding to and understanding these attacks in order to mount a defense against them. The sheer amount of malware alone makes this a difficult task, but malware is also increasing in complexity. This research provides empirical evidence that a hybrid approach using token-based and semantic-based code clones can identify similarities between malware. In addition, the use of different normalization techniques and the use of undirected matrices versus directed matrices were studied. Lastly, the impact of the use of inexact code clones was evaluated. Our results showed that our approach to determining the similarity between malware outperforms two methods currently used in malware analyses. In addition, we showed that overly generalized normalization of code sections would hinder the performance of the proposed method. At the same time, there is no significant difference between the use of directed and undirected matrices. This research also confirmed the positive impact of using inexact code clones when determining similarity.
