Journal
INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS
Volume 10, Issue 4, Pages 249-266Publisher
SCIENCE & ENGINEERING RESEARCH SUPPORT SOC
DOI: 10.14257/ijsia.2016.10.4.24
Keywords
Anti-Malware; Static Analysis; WEKA; Machine Learning; Decision Tree
Categories
Funding
- BITS, Pilani, K.K. Birla Goa Campus [Ph603226/Jul. 2012/01]
Ask authors/readers for more resources
Combating malware is very important for software/systems security, but to prevent the software/systems from the advanced malware, viz. metamorphic malware is a challenging task, as it changes the structure/code after each infection. Therefore in this paper, we present a novel approach to detect the advanced malware with high accuracy by analyzing the occurrence of opcodes (features) by grouping the executables. These groups are made on the basis of our earlier studies [1] that the difference between the sizes of any two malware generated by popular advanced malware kits viz. PS-MPC, G2 and NGVCK are within 5 KB. On the basis of obtained promising features, we studied the performance of thirteen classifiers using N-fold cross-validation available in machine learning tool WEKA. Among these thirteen classifiers we studied in-depth top five classifiers (Random forest, LMT, NBT, J48 and FT) and obtain more than 96.28% accuracy for the detection of unknown malware, which is better than the maximum detection accuracy (similar to 95.9%) reported by Santos et al (2013). In these top five classifiers, our approach obtained a detection accuracy of similar to 97.95% by the Random forest.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available