Theses and Dissertations


Issuing Body

Mississippi State University


Rahimi, Shahram

Committee Member

Hamilton, John

Committee Member

Bethel, Cindy L.

Committee Member

Torri, Stephen

Date of Degree


Original embargo terms

Campus Access Only 2 Years

Document Type

Dissertation - Campus Access Only


Computer Science

Degree Name

Doctor of Philosophy (Ph.D)


James Worth Bagley College of Engineering


Department of Computer Science and Engineering


Malware is the source or a catalyst for many of the attacks on our cyberspace. Malware analysts and other cybersecurity professionals are responsible for responding to and understanding attacks to mount a defense against the attacks in our cyberspace. The sheer amount of malware alone makes this a difficult task, but malware is also increasing in complexity. This research provides empirical evidence that a hybrid approach using token-based and semantic-based code clones can identify similarities between malware. In addition, the use of different normalization techniques and the use of undirected matrices versus directed matrices were studied. Lastly, the impact of the use of inexact code clones was evaluated. Our results showed that our approach to determining the similarity between malware outperforms two methods currently used in malware analyses. In addition, we showed that overly generalized normalization of code sections would hinder the performance of the proposed method. At the same time, there is no significant difference between the use of directed and undirected matrices. This research also confirmed the positive impact of using inexact code clones when determining similarity.