
Malware classification method based on text mining

WANG Chong, LI Bingchen, WANG Jinbao   

  1. (Information Engineering Department, Tianjin Bohai Vocational Technical College, Tianjin 300300, China)
  • Received: 2017-03-18 Revised: 2017-04-20 Online: 2018-02-24 Published: 2018-01-17

Abstract: To classify malware effectively, a malware classification method based on text mining is proposed. In the code-string extraction stage, malware samples are unpacked and disassembled, and their structured code strings are extracted. A hierarchical clustering algorithm is used to cluster the malware into malware families. Quantitative analysis is then conducted on the malware families to obtain each family's feature vector. The distance between malware captured by a mobile honeypot and each malware family is calculated, and each captured sample is assigned to its nearest malware family. The classification experiment results prove the accuracy and efficiency of the new classification method.

Key words: malware, hierarchical clustering, text mining
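
The pipeline the abstract outlines (code strings, hierarchical clustering into families, a feature vector per family, nearest-family assignment) can be sketched as follows. This is an added example, not the authors' code: the term-frequency features, cosine distance, average linkage, the 0.5 merge threshold and all sample strings are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Constructed sample data: token strings as a disassembler might emit them.
# Assumed, not from the paper: TF features, cosine distance, average linkage, threshold.
SAMPLES = {
    "a1": "push mov call xor xor jmp call xor",
    "a2": "push mov call xor jmp xor call call",
    "b1": "lea add cmp jne add lea ret cmp",
    "b2": "lea add cmp jne ret add lea add",
}

def vectorize(code):
    """Term-frequency vector over whitespace-separated code tokens."""
    return Counter(code.split())

def distance(u, v):
    """Cosine distance between two sparse vectors (0 = same direction)."""
    dot = sum(u[t] * v[t] for t in u)
    norm = math.sqrt(sum(x * x for x in u.values())) * math.sqrt(sum(x * x for x in v.values()))
    return 1.0 - dot / norm if norm else 1.0

def cluster(vectors, threshold=0.5):
    """Agglomerative clustering; stop when the closest pair exceeds threshold."""
    clusters = [[name] for name in sorted(vectors)]
    def linkage(a, b):  # average pairwise distance between two clusters
        return sum(distance(vectors[x], vectors[y]) for x in a for y in b) / (len(a) * len(b))
    while len(clusters) > 1:
        d, i, j = min((linkage(clusters[i], clusters[j]), i, j)
                      for i in range(len(clusters)) for j in range(i + 1, len(clusters)))
        if d > threshold:
            break
        clusters[i] += clusters.pop(j)
    return clusters

def family_vector(members, vectors):
    """Family feature vector: mean term frequency over the family's members."""
    total = Counter()
    for m in members:
        total.update(vectors[m])
    return Counter({t: c / len(members) for t, c in total.items()})

def classify(code, families):
    """Return (family index, distance) for the nearest family vector."""
    v = vectorize(code)
    return min(((i, distance(v, f)) for i, f in enumerate(families)), key=lambda p: p[1])

VECTORS = {name: vectorize(code) for name, code in SAMPLES.items()}
FAMILIES = cluster(VECTORS)
FAMILY_VECTORS = [family_vector(m, VECTORS) for m in FAMILIES]
```

A newly captured sample is passed to `classify` as its extracted token string; a nearest-family distance close to 1.0 indicates the sample matches no known family and should not be assigned on distance alone.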
