Evaluation of Malware Phylogeny Modelling Systems Using Automat

A malware phylogeny model is an estimation of the derivation relationships between a set of species of malware. Systems that construct phylogeny models are expected to be useful for malware analysts. While several different phylogeny construction systems have been proposed, little is known about effective ways of evaluating and comparing them. Little is also known about the consistency of their results on different data sets, about their generalizability across different types of malware evolution, or of what measures are important to consider in evaluation. This paper explores these issues through two distinct artificial malware history generators. A study was conducted using two phylogeny model construction systems. The results underscore the important role that model-based simulation is expected to play in evaluating and selecting suitable malware phylogeny construction systems.