Mal-Netminer: Malware Classification Approach based on Social Network Analysis of System Call Graph

As the security landscape evolves over time, where thousands of species of malicious codes are seen every day, antivirus vendors strive to detect and classify malware families for efficient and effective responses against malware campaigns. To enrich this effort, and by capitalizing on ideas from the social network analysis domain, we build a tool that can help classify malware families using features driven from the graph structure of their system calls. To achieve that, we first construct a system call graph that consists of system calls found in the execution of the individual malware families. To explore distinguishing features of various malware species, we study social network properties as applied to the call graph, including the degree distribution, degree centrality, average distance, clustering coefficient, network density, and component ratio. We utilize features driven from those properties to build a classifier for malware families. Our experimental results show that influence-based graph metrics such as the degree centrality are effective for classifying malware, whereas the general structural metrics of malware are less effective for classifying malware. Our experiments demonstrate that the proposed system performs well in detecting and classifying malware families within each malware class with accuracy greater than 96%.Comment: Mathematical Problems in Engineering, Vol 201

Early-type Host Galaxies of Type Ia Supernovae. I. Evidence for Downsizing

Type Ia supernova (SN Ia) cosmology provides the most direct evidence for the presence of dark energy. This result is based on the assumption that the look-back time evolution of SN Ia luminosity, after light-curve corrections, would be negligible. Recent studies show, however, that the Hubble residual (HR) of SN Ia is correlated with the mass and morphology of host galaxies, implying the possible dependence of SN Ia luminosity on host galaxy properties. In order to investigate this more directly, we have initiated spectroscopic survey for the early-type host galaxies, for which population age and metallicity can be more reliably determined from the absorption lines. As the first paper of the series, here we present the results from high signal-to-noise ratio (>100 per pixel) spectra for 27 nearby host galaxies in the southern hemisphere. For the first time in host galaxy studies, we find a significant (~3.9sigma) correlation between host galaxy mass (velocity dispersion) and population age, which is consistent with the "downsizing" trend among non-host early-type galaxies. This result is rather insensitive to the choice of population synthesis models. Since we find no correlation with metallicity, our result suggests that stellar population age is mainly responsible for the relation between host mass and HR. If confirmed, this would imply that the luminosity evolution plays a major role in the systematic uncertainties of SN Ia cosmology.Comment: Accepted for publication in ApJ