Structural classification and similarity measurement of malware

Hongbo Shi*, Tomoki Hamagami, Katsunari Yoshioka, Haoyuan Xu, Kazuhiro Tobe, Shigeki Goto

*Corresponding author for this work

    Research output: Contribution to journalArticlepeer-review

    2 Citations (Scopus)


    This paper proposes a new lightweight method that utilizes the growing hierarchical self-organizing map (GHSOM) for malware detection and structural classification. It also shows a new method for measuring the structural similarity between classes. A dynamic link library (DLL) file is an executable file used in the Windows operating system that allows applications to share codes and other resources to perform particular tasks. In this paper, we classify different malware by the data mining of the DLL files used by the malware. Since the malware families are evolving quickly, they present many new problems, such as how to link them to other existing malware families. The experiment shows that our GHSOM-based structural classification can solve these issues and generate a malware classification tree according to the similarity of malware families.

    Original languageEnglish
    Pages (from-to)621-632
    Number of pages12
    JournalIEEJ Transactions on Electrical and Electronic Engineering
    Issue number6
    Publication statusPublished - 2014 Nov 1


    • Classification
    • Dynamic link library
    • GHSOM
    • Malware
    • Relationship
    • Tree structure

    ASJC Scopus subject areas

    • Electrical and Electronic Engineering


    Dive into the research topics of 'Structural classification and similarity measurement of malware'. Together they form a unique fingerprint.

    Cite this