Journal
Publisher
IEEE
DOI: 10.1109/CSE-EUC.2017.157
Keywords
malware detection; attribute similarity; machine learning; unknown malware; static analysis
Funding
- National Natural Science Foundation of China [61402106]
- Natural Science Foundation of Guangdong Province of China [2014A030313632]
- International cooperative innovation platform [2015KGJHZ027]
Unknown malware has increased dramatically, but existing security software cannot identify it effectively. In this paper, we propose a new malware detection and classification method based on n-gram attribute similarity. We extract all byte-code n-grams from the training samples and select the most relevant ones as attributes. After calculating the average value of the attributes for the malware and benign samples separately, we determine whether a test sample is malware or benign by the attribute similarity between the attributes of the test sample and the two average attribute sets for malware and benign. We compare our method with a variety of machine learning methods, including Naive Bayes, Bayesian Networks, Support Vector Machine and C4.5 Decision Tree. Experimental results on public (Open Malware Benchmark) and private (self-collected) datasets both reveal that our method outperforms the other four methods.
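An added illustration of the pipeline the abstract outlines, not the authors' code. The abstract does not name the relevance measure, the attribute encoding or the similarity function, so the document-frequency difference, binary presence vectors and cosine similarity used here are assumptions, and the byte strings are constructed samples.

```python
import math
from collections import Counter

def ngrams(data: bytes, n: int = 2) -> set:
    """Distinct byte n-grams in one sample (empty if shorter than n)."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def select_attributes(malware, benign, n=2, k=6):
    """Keep the k n-grams whose per-class document frequency differs most.
    Assumed relevance measure; the abstract does not specify one."""
    m_df = Counter(g for s in malware for g in ngrams(s, n))
    b_df = Counter(g for s in benign for g in ngrams(s, n))
    score = lambda g: abs(m_df[g] / len(malware) - b_df[g] / len(benign))
    return sorted(set(m_df) | set(b_df), key=lambda g: (-score(g), g))[:k]

def vectorize(sample, attrs, n=2):
    """Binary presence vector over the selected attributes (assumed encoding)."""
    present = ngrams(sample, n)
    return [1.0 if a in present else 0.0 for a in attrs]

def average(samples, attrs, n=2):
    """Per-attribute mean over one class: the 'average attributes'."""
    vecs = [vectorize(s, attrs, n) for s in samples]
    return [sum(col) / len(vecs) for col in zip(*vecs)]

def cosine(u, v):
    """Cosine similarity (assumed similarity function); 0.0 for a zero vector."""
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return sum(a * b for a, b in zip(u, v)) / norm if norm else 0.0

def classify(sample, attrs, mal_avg, ben_avg, n=2):
    """Label by the closer class average; ties (e.g. no attribute hit) -> benign."""
    v = vectorize(sample, attrs, n)
    return "malware" if cosine(v, mal_avg) > cosine(v, ben_avg) else "benign"

# Constructed toy byte strings standing in for training samples, not real binaries.
MALWARE = [b"\xde\xad\xbe\xef\x10\x20", b"\x30\xde\xad\xbe\xef\x40",
           b"\xde\xad\xbe\xef\x50\x60\x70"]
BENIGN = [b"\x01\x02\x03\x04\x10\x20", b"\x30\x01\x02\x03\x04\x40",
          b"\x01\x02\x03\x04\x50\x60"]
ATTRS = select_attributes(MALWARE, BENIGN)
MAL_AVG, BEN_AVG = average(MALWARE, ATTRS), average(BENIGN, ATTRS)

if __name__ == "__main__":
    for s in (b"\x99\xde\xad\xbe\xef\x01\x02", b"\x01\x02\x03\x04\x77"):
        print(s.hex(), classify(s, ATTRS, MAL_AVG, BEN_AVG))
```

A sample that matches none of the selected attributes yields a zero vector and falls through to "benign", which is the blind spot a deployment of this kind of classifier would need to track separately.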