Effective Malware Detection Based on Behaviour and Data Features

Authors: Zhiwu Xu, Cheng Wen, Shengchao Qin, Zhong Ming

DOI: 10.1007/978-3-319-73830-7_6

Keywords:

Abstract: Malware is one of the most serious security threats on the Internet today. Traditional detection methods become ineffective as malware continues to evolve. Recently, various machine learning approaches have been proposed for detecting malware. However, they either focused on behaviour information, leaving data information out of consideration, or did not give much consideration to new versions with different behaviours obtained by obfuscation techniques. In this paper, we propose an effective approach using machine learning. Different from existing work, we take into account not only behaviour features but also data features, namely, opcodes, types and system libraries used in executables. We employ our implementation. Several experiments are conducted to evaluate the approach. The results show that (1) the classifier trained with Random Forest performs best, with accuracy 0.9788 and AUC 0.9959; (2) all features (including types) are useful for detection; (3) the approach is capable of detecting some fresh malware; (4) it has a resistance
