This is an Open Access publication published under CSC-OpenAccess Policy.
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malware In Executable Files
Emmanuel Masabo, Kyanda Swaib Kaawaase, Julianne Sansa-Otim, Damien Hanyurwimfura
Volume 11, Issue 2, Pages 25-33   |   Revised: 31-03-2017   |   Published: 30-04-2017   |   Publication Date: April 2017
KEYWORDS
Malware Detection, Static Analysis, Dynamic Analysis, Polymorphic Malware, Machine Learning.
ABSTRACT
Some malware is sophisticated, using polymorphic techniques such as self-mutation and evasion of emulation-based analysis. Most anti-malware techniques are overwhelmed by polymorphic malware threats that self-mutate into a different variant at every attack. This research aims to contribute to the detection of malicious code, especially polymorphic malware, by utilizing advanced static and advanced dynamic analyses to extract more informative key features of a malware sample through code analysis, memory analysis and behavioral analysis. A correlation-based feature selection algorithm will be used to transform the features, i.e. to filter and select the optimal and relevant ones. A machine learning technique called K-Nearest Neighbor (K-NN) will be used for classification and detection of polymorphic malware. Results will be evaluated using the following measurement metrics: True Positive Rate (TPR), False Positive Rate (FPR) and the overall detection accuracy of the experiments.
AUTHORS
Mr. Emmanuel Masabo
College of Computing and Information Sciences, Makerere University, Kampala, Uganda
masabem@gmail.com
Dr. Kyanda Swaib Kaawaase
College of Computing and Information Sciences, Makerere University, Kampala, Uganda
Dr. Julianne Sansa-Otim
College of Computing and Information Sciences, Makerere University, Kampala, Uganda
Dr. Damien Hanyurwimfura
College of Science and Technology, University of Rwanda, Kigali, Rwanda