Mal-Netminer: Malware Classification System 

based on Social Network Analysis of Call Graph 


1.  Introduction

Mal-Netminer is the system enables classify malware using automatic classifiers by employing graph metrics commonly used in social network analysis. To analyze the general structural information of malware and measure the influence of system calls found in malware, Mal-Netminer adopts social network analysis. Our system uses social network metrics such as the degree distribution, degree centrality, and average distance, which are implicitly equivalent to distinct behavioral characteristics. 


2.  Publication

Jae-wook Jang, Jiyoung Woo, Jaesung Yun, and Huy Kang Kim “Mal-Netminer: Malware Classification based on Social Network Analysis of Call Graph” to appear in Proceedings of the 23rd International Conference on World Wide Web Companion, WWW ’14 Companion, 2014. 

Jae-wook Jang, Jiyoung Woo, Aziz Mohaisen, Jaesung Yun, and Huy Kang Kim, “Mal-Netminer: Malware Classification Approach Based on Social Network Analysis of System Call Graph,” Mathematical Problems in Engineering, vol. 2015, Article ID 769624, 20 pages, 2015. doi:10.1155/2015/769624


3.  Dataset Release

For academic purposes, we are happy to release our dataset. However, to avoid indiscriminate distribution of malware, you need the password to unzip the dataset. Please send us a request sent by your official email account. If you use our dataset for your experiment, please cite our paper.

Contact : Huy Kang Kim (cenda at korea.ac.kr)

Dataset Download Link: Download


4.  Acknowledgement

Mal-Netminer is developed by Hacking and Countermeasure Research Lab in the Graduate School of Information Security at the Korea University of Korea.


Please contact “Huy Kang Kim” (cenda at korea.ac.kr) if you have any question.