Host Security Based Research on Automatic Generation Method of Security Threat Intelligence
Abstract
To analyze in depth how malware operates and to shorten its analysis period, this article proposes a malware family clustering method based on behavior analysis. Samples selected from different families then undergo deeper behavior correlation analysis to generate the Security Threat Intelligence that represents the malware of each family. This supports rapid expansion of the anti-malware engine's behavior library and enables active response to host security events, so that malware variants can be detected. According to the experimental findings, the method extracts effective Security Threat Intelligence and detects malware effectively and efficiently.
Keywords
Security threat intelligence (STI); Malware family clustering; Behavior correlation analysis
DOI
10.12783/dtcse/cst2017/12530