Metamorphic malware detection based on support vector machine classification of malware sub-signatures
Achieving accurate and efficient metamorphic malware detection remains a challenge. Metamorphic malware is able to mutate and alter its code structure in each infection that can circumvent signature matching detection. However, some vital functionalities and code segments remain unchanged between mu...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Universitas Ahmad Dahlan
2016
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/71495/1/IsmahaniIsmail2016_Metamorphicmalwaredetectionbasedon.pdf |
| _version_ | 1796861774244347904 |
|---|---|
| author | Khammas, Ban Mohammed Monemi, Alireza Ismail, Ismahani Mohd. Nor, Sulaiman Marsono, Muhammad Nadzir |
| author_facet | Khammas, Ban Mohammed Monemi, Alireza Ismail, Ismahani Mohd. Nor, Sulaiman Marsono, Muhammad Nadzir |
| author_sort | Khammas, Ban Mohammed |
| collection | ePrints |
| description | Achieving accurate and efficient metamorphic malware detection remains a challenge. Metamorphic malware is able to mutate and alter its code structure in each infection that can circumvent signature matching detection. However, some vital functionalities and code segments remain unchanged between mutations. We exploit these unchanged features by the mean of classification using Support Vector Machine (SVM). N-gram features are extracted directly from malware binaries to avoid disassembly, which these features are then masked with the extracted known malware signature n-grams. These masked features reduce the number of selected n-gram features considerably. Our method is capable to accurately detect metamorphic malware with ~99 accuracy and low false positive rate. The proposed method is also superior to commercially available anti-viruses for detecting metamorphic malware. |
| first_indexed | 2024-03-05T20:01:30Z |
| format | Article |
| id | utm.eprints-71495 |
| institution | Universiti Teknologi Malaysia - ePrints |
| language | English |
| last_indexed | 2024-03-05T20:01:30Z |
| publishDate | 2016 |
| publisher | Universitas Ahmad Dahlan |
| record_format | dspace |
| spelling | utm.eprints-714952017-11-22T12:07:34Z http://eprints.utm.my/71495/ Metamorphic malware detection based on support vector machine classification of malware sub-signatures Khammas, Ban Mohammed Monemi, Alireza Ismail, Ismahani Mohd. Nor, Sulaiman Marsono, Muhammad Nadzir TK Electrical engineering. Electronics Nuclear engineering Achieving accurate and efficient metamorphic malware detection remains a challenge. Metamorphic malware is able to mutate and alter its code structure in each infection that can circumvent signature matching detection. However, some vital functionalities and code segments remain unchanged between mutations. We exploit these unchanged features by the mean of classification using Support Vector Machine (SVM). N-gram features are extracted directly from malware binaries to avoid disassembly, which these features are then masked with the extracted known malware signature n-grams. These masked features reduce the number of selected n-gram features considerably. Our method is capable to accurately detect metamorphic malware with ~99 accuracy and low false positive rate. The proposed method is also superior to commercially available anti-viruses for detecting metamorphic malware. Universitas Ahmad Dahlan 2016 Article PeerReviewed application/pdf en http://eprints.utm.my/71495/1/IsmahaniIsmail2016_Metamorphicmalwaredetectionbasedon.pdf Khammas, Ban Mohammed and Monemi, Alireza and Ismail, Ismahani and Mohd. Nor, Sulaiman and Marsono, Muhammad Nadzir (2016) Metamorphic malware detection based on support vector machine classification of malware sub-signatures. Telkomnika (Telecommunication Computing Electronics and Control), 14 (3). pp. 1157-1165. ISSN 1693-6930 https://www.scopus.com/inward/record.uri?eid=2-s2.0-84994645699&doi=10.12928%2ftelkomnika.v14.i3.3850&partnerID=40&md5=9bddd91d72dd3d7765283346cee06803 |
| spellingShingle | TK Electrical engineering. Electronics Nuclear engineering Khammas, Ban Mohammed Monemi, Alireza Ismail, Ismahani Mohd. Nor, Sulaiman Marsono, Muhammad Nadzir Metamorphic malware detection based on support vector machine classification of malware sub-signatures |
| title | Metamorphic malware detection based on support vector machine classification of malware sub-signatures |
| title_full | Metamorphic malware detection based on support vector machine classification of malware sub-signatures |
| title_fullStr | Metamorphic malware detection based on support vector machine classification of malware sub-signatures |
| title_full_unstemmed | Metamorphic malware detection based on support vector machine classification of malware sub-signatures |
| title_short | Metamorphic malware detection based on support vector machine classification of malware sub-signatures |
| title_sort | metamorphic malware detection based on support vector machine classification of malware sub signatures |
| topic | TK Electrical engineering. Electronics Nuclear engineering |
| url | http://eprints.utm.my/71495/1/IsmahaniIsmail2016_Metamorphicmalwaredetectionbasedon.pdf |
| work_keys_str_mv | AT khammasbanmohammed metamorphicmalwaredetectionbasedonsupportvectormachineclassificationofmalwaresubsignatures AT monemialireza metamorphicmalwaredetectionbasedonsupportvectormachineclassificationofmalwaresubsignatures AT ismailismahani metamorphicmalwaredetectionbasedonsupportvectormachineclassificationofmalwaresubsignatures AT mohdnorsulaiman metamorphicmalwaredetectionbasedonsupportvectormachineclassificationofmalwaresubsignatures AT marsonomuhammadnadzir metamorphicmalwaredetectionbasedonsupportvectormachineclassificationofmalwaresubsignatures |