Mississippi State University
Bethel, Cindy L.
Date of Degree
Original embargo terms: Campus Access Only 2 Years
Dissertation - Campus Access Only
Doctor of Philosophy (Ph.D.)
James Worth Bagley College of Engineering
Department of Computer Science and Engineering
Malware is the source of, or a catalyst for, many of the attacks on our cyberspace. Malware analysts and other cybersecurity professionals are responsible for responding to and understanding these attacks in order to mount a defense against them. The sheer amount of malware alone makes this a difficult task, and malware is also increasing in complexity. This research provides empirical evidence that a hybrid approach using token-based and semantic-based code clones can identify similarities between malware. In addition, the use of different normalization techniques and the use of undirected matrices versus directed matrices were studied. Lastly, the impact of the use of inexact code clones was evaluated. Our results showed that our approach to determining the similarity between malware outperforms two methods currently used in malware analysis. In addition, we showed that overly generalized normalization of code sections would hinder the performance of the proposed method. At the same time, there is no significant difference between the use of directed and undirected matrices. This research also confirmed the positive impact of using inexact code clones when determining similarity.
Lanclos, Christopher I. G., "Identifying malware similarity through token-based and semantic code clones" (2023). Theses and Dissertations. 6049.