TY - JOUR
TI - Evaluation of malware phylogeny modelling systems using automated variant generation
AU - Hayes, Matthew
AU - Walenstein, Andrew
AU - Lakhotia, Arun
T2 - Journal in Computer Virology
AB - A malware phylogeny model is an estimation of the derivation relationships between a set of malware samples. Systems that construct phylogeny models are expected to be useful for malware analysts. While several such systems have been proposed, little is known about the consistency of their results on different data sets, about their generalizability across different types of malware evolution. This paper explores these issues using two artificial malware history generators: systems that simulate malware evolution according to different evolution models. A quantitative study was conducted using two phylogeny model construction systems and multiple samples of artificial evolution. High variability was found in the quality of their results on different data sets, and the systems were shown to be sensitive to the characteristics of evolution in the data sets. The results call into question the adequacy of evaluations typical in the field, raise pragmatic concerns about tool choice for malware analysts, and underscore the important role that model-based simulation is expected to play in evaluating and selecting suitable malware phylogeny construction systems.
DA - 2009/11/01/
PY - 2009
DO - 10.1007/s11416-008-0100-6
DP - link.springer.com
VL - 5
IS - 4
SP - 335
EP - 343
J2 - J Comput Virol
LA - en
SN - 1772-9890, 1772-9904
UR - http://link.springer.com/article/10.1007/s11416-008-0100-6
Y2 - 2014/01/06/20:36:53
KW - Computer Science, general
ER -