DeepAI AI Chat
Log In Sign Up

SourceFinder: Finding Malware Source-Code from Publicly Available Repositories

by   Md Omar Faruk Rokon, et al.
University of California, Riverside

Where can we find malware source code? This question is motivated by a real need: there is a dearth of malware source code, which impedes various types of security research. Our work is driven by the following insight: public archives, like GitHub, have a surprising number of malware repositories. Capitalizing on this opportunity, we propose, SourceFinder, a supervised-learning approach to identify repositories of malware source code efficiently. We evaluate and apply our approach using 97K repositories from GitHub. First, we show that our approach identifies malware repositories with 89 SourceFinder to identify 7504 malware source code repositories, which arguably constitutes the largest malware source code database. Finally, we study the fundamental properties and trends of the malware repositories and their authors. The number of such repositories appears to be growing by an order of magnitude every 4 years, and 18 malware authors seem to be "professionals" with well-established online reputation. We argue that our approach and our large repository of malware source code can be a catalyst for research studies, which are currently not possible.


Public Git Archive: a Big Code dataset for all

The number of open source software projects has been growing exponential...

The MalSource Dataset: Quantifying Complexity and Code Reuse in Malware Development

During the last decades, the problem of malicious and unwanted software ...

HackerScope: The Dynamics of a Massive Hacker Online Ecosystem

Authors of malicious software are not hiding as much as one would assume...

Issued for Abuse: Measuring the Underground Trade in Code Signing Certificate

Recent measurements of the Windows code-signing certificate ecosystem ha...

Repo2Vec: A Comprehensive Embedding Approach for Determining Repository Similarity

How can we identify similar repositories and clusters among a large onli...

dewolf: Improving Decompilation by leveraging User Surveys

Analyzing third-party software such as malware or firmware is a crucial ...

The Rise of GitHub in Scholarly Publications

The definition of scholarly content has expanded to include the data and...