The Software Similarity Problem in Malware Analysis

Authors Andrew Walenstein, Arun Lakhotia

Thumbnail PDF


  • Filesize: 183 kB
  • 10 pages

Document Identifiers

Author Details

Andrew Walenstein
Arun Lakhotia

Cite AsGet BibTex

Andrew Walenstein and Arun Lakhotia. The Software Similarity Problem in Malware Analysis. In Duplication, Redundancy, and Similarity in Software. Dagstuhl Seminar Proceedings, Volume 6301, pp. 1-10, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2007)


In software engineering contexts software may be compared for similarity in order to detect duplicate code that indicates poor design, and to reconstruct evolution history. Malicious software, being nothing other than a particular type of software, can also be compared for similarity in order to detect commonalities and evolution history. This paper provides a brief introduction to the issue of measuring similarity between malicious programs, and how evolution is known to occur in the area. It then uses this review to try to draw lines that connect research in software engineering (e.g., on "clone detection") to problems in anti-malware research.
  • Software
  • software evolution
  • commonality
  • program similarity
  • code clones
  • code smells
  • malicious software
  • malware
  • worms
  • Trojans
  • viruses
  • spyware


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail