Mal Netminer

Mal-Netminer: Malware Classification System based on Social Network Analysis of Call Graph

1.  Introduction

Mal-Netminer is the system enables classify malware using automatic classifiers by employing graph metrics commonly used in social network analysis. To analyze the general structural information of malware and measure the influence of system calls found in malware, Mal-Netminer adopts social network analysis. Our system uses social network metrics such as the degree distribution, degree centrality, and average distance, which are implicitly equivalent to distinct behavioral characteristics. 

2.  Publication

Jae-wook Jang, Jiyoung Woo, Jaesung Yun, and Huy Kang Kim “Mal-Netminer: Malware Classification based on Social Network Analysis of Call Graph” to appear in Proceedings of the 23rd International Conference on World Wide Web Companion, WWW ’14 Companion, 2014. 

Jae-wook Jang, Jiyoung Woo, Aziz Mohaisen, Jaesung Yun, and Huy Kang Kim, “Mal-Netminer: Malware Classification Approach Based on Social Network Analysis of System Call Graph,” Mathematical Problems in Engineering, vol. 2015, Article ID 769624, 20 pages, 2015. doi:10.1155/2015/769624

3.  Dataset Release

To mitigate malware threats on PC and engage the research community to better our understanding and defense, we are happy to release our dataset to the community. However, to avoid using malicious purposes, please send us the request from your official email account (e.g., university, industry, etc).

Contact : Huy Kang Kim (cenda at

    • Textual description of dataset [ download ]  

4.  Acknowledgement

Mal-Netminer is developed by Hacking and Countermeasure Research Lab in the Graduate School of Information Security at the Korea University of Korea.

Please contact “Huy Kang Kim” (cenda at if you have any question.