Malware classification framework for dynamic analysis using Information Theory
Objectives: 1. To propose a framework for Malware Classification System (MCS) to analyze malware behavior dynamically using a concept of information theory and a machine learning technique. 2. To extract behavioral patterns from execution reports of malware in terms of its features and generates a d...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Indian Society for Education and Environment
2017
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/62343/1/Malware%20classification%20framework%20for%20dynamic%20analysis%20using%20Information%20Theory.pdf |
| _version_ | 1796977612103352320 |
|---|---|
| author | Moshiri, Ehsan Abdullah, Azizol Raja Mahmood, Raja Azlina Muda, Zaiton |
| author_facet | Moshiri, Ehsan Abdullah, Azizol Raja Mahmood, Raja Azlina Muda, Zaiton |
| author_sort | Moshiri, Ehsan |
| collection | UPM |
| description | Objectives: 1. To propose a framework for Malware Classification System (MCS) to analyze malware behavior dynamically using a concept of information theory and a machine learning technique. 2. To extract behavioral patterns from execution reports of malware in terms of its features and generates a data repository. 3. To select the most promising features using information theory based concepts. Methods/Statistical Analysis: Today, malware is a major concern of computer security experts. Variety and in- creasing number of malware affects millions of systems in the form of viruses, worms, Trojans etc. Many techniques have been proposed to analyze the malware to its class accurately. Some of analysis techniques analyzed malware based upon its structure, code flow, etc. without executing it (called static analysis), whereas other techniques (termed as dynamic analysis) focused to monitor the behavior of malware by executing it and comparing it with known malware behavior. Dynamic analysis has proved to be effective in malware detection as behavior is more difficult to mask while executing than its underlying code (static analysis). In this study, we propose a framework for Malware Classification System (MCS) to analyze malware behavior dynamically using a concept of information theory and a machine learning technique. The proposed framework extracts behavioral patterns from execution reports of malware in terms of its features and generates a data repository. Further, it selects the most promising features using information theory based concepts. Findings: The proposed framework detects the family of unknown malware samples after training of a classifier from malware data repository. We validated the applicability of the proposed framework by comparing with the other dynamic malware analysis technique on a real malware dataset from Virus Total. Application: The proposed framework is a Malware Classification System (MCS) to analyze malware behavior dynamically using a concept of information theory and a machine learning technique. |
| first_indexed | 2024-03-06T09:42:37Z |
| format | Article |
| id | upm.eprints-62343 |
| institution | Universiti Putra Malaysia |
| language | English |
| last_indexed | 2024-03-06T09:42:37Z |
| publishDate | 2017 |
| publisher | Indian Society for Education and Environment |
| record_format | dspace |
| spelling | upm.eprints-623432020-01-07T03:35:45Z http://psasir.upm.edu.my/id/eprint/62343/ Malware classification framework for dynamic analysis using Information Theory Moshiri, Ehsan Abdullah, Azizol Raja Mahmood, Raja Azlina Muda, Zaiton Objectives: 1. To propose a framework for Malware Classification System (MCS) to analyze malware behavior dynamically using a concept of information theory and a machine learning technique. 2. To extract behavioral patterns from execution reports of malware in terms of its features and generates a data repository. 3. To select the most promising features using information theory based concepts. Methods/Statistical Analysis: Today, malware is a major concern of computer security experts. Variety and in- creasing number of malware affects millions of systems in the form of viruses, worms, Trojans etc. Many techniques have been proposed to analyze the malware to its class accurately. Some of analysis techniques analyzed malware based upon its structure, code flow, etc. without executing it (called static analysis), whereas other techniques (termed as dynamic analysis) focused to monitor the behavior of malware by executing it and comparing it with known malware behavior. Dynamic analysis has proved to be effective in malware detection as behavior is more difficult to mask while executing than its underlying code (static analysis). In this study, we propose a framework for Malware Classification System (MCS) to analyze malware behavior dynamically using a concept of information theory and a machine learning technique. The proposed framework extracts behavioral patterns from execution reports of malware in terms of its features and generates a data repository. Further, it selects the most promising features using information theory based concepts. Findings: The proposed framework detects the family of unknown malware samples after training of a classifier from malware data repository. We validated the applicability of the proposed framework by comparing with the other dynamic malware analysis technique on a real malware dataset from Virus Total. Application: The proposed framework is a Malware Classification System (MCS) to analyze malware behavior dynamically using a concept of information theory and a machine learning technique. Indian Society for Education and Environment 2017-06 Article PeerReviewed text en http://psasir.upm.edu.my/id/eprint/62343/1/Malware%20classification%20framework%20for%20dynamic%20analysis%20using%20Information%20Theory.pdf Moshiri, Ehsan and Abdullah, Azizol and Raja Mahmood, Raja Azlina and Muda, Zaiton (2017) Malware classification framework for dynamic analysis using Information Theory. Indian Journal of Science and Technology, 10 (21). pp. 1-14. ISSN 0974-6846; ESSN: 0974-5645 http://www.indjst.org/index.php/indjst/article/view/100023 10.17485/ijst/2017/v10i21/100023 |
| spellingShingle | Moshiri, Ehsan Abdullah, Azizol Raja Mahmood, Raja Azlina Muda, Zaiton Malware classification framework for dynamic analysis using Information Theory |
| title | Malware classification framework for dynamic analysis using Information Theory |
| title_full | Malware classification framework for dynamic analysis using Information Theory |
| title_fullStr | Malware classification framework for dynamic analysis using Information Theory |
| title_full_unstemmed | Malware classification framework for dynamic analysis using Information Theory |
| title_short | Malware classification framework for dynamic analysis using Information Theory |
| title_sort | malware classification framework for dynamic analysis using information theory |
| url | http://psasir.upm.edu.my/id/eprint/62343/1/Malware%20classification%20framework%20for%20dynamic%20analysis%20using%20Information%20Theory.pdf |
| work_keys_str_mv | AT moshiriehsan malwareclassificationframeworkfordynamicanalysisusinginformationtheory AT abdullahazizol malwareclassificationframeworkfordynamicanalysisusinginformationtheory AT rajamahmoodrajaazlina malwareclassificationframeworkfordynamicanalysisusinginformationtheory AT mudazaiton malwareclassificationframeworkfordynamicanalysisusinginformationtheory |