{"title":"Pruned feature space for metamorphic malware detection using Markov Blanket","authors":"Jithu Raphel, P. Vinod","doi":"10.1109/IC3.2015.7346710","DOIUrl":null,"url":null,"abstract":"The proposed non-signature based system creates a meta feature space for the detection of metamorphic malware samples where three sets of features are extracted from the files: (a) branch opcodes (b) unigrams (c) bigrams. The feature space is initially pruned using Naïve Bayes method. After the rare feature elimination process, the relevant opcodes that are highly contributing towards the target class are selected, thereby forming a relevant feature set. Next phase is to remove the redundant features that are present in the relevant feature set using the Markov Blanket approach. Prominent features extracted are used for generating the training models and unseen instances are tested using the optimal models. Proposed system is capable of detecting the NGVCK viruses and MWORM with an accuracy of 100% using the meta opcode space of 25 features. A promising F1-score of 1.0 was gained and the results demonstrate the efficiency of the proposed metamorphic malware detector.","PeriodicalId":217950,"journal":{"name":"2015 Eighth International Conference on Contemporary Computing (IC3)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 Eighth International Conference on Contemporary Computing (IC3)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IC3.2015.7346710","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 6
Abstract
The proposed non-signature-based system creates a meta feature space for the detection of metamorphic malware samples, where three sets of features are extracted from the files: (a) branch opcodes, (b) unigrams, and (c) bigrams. The feature space is initially pruned using the Naïve Bayes method. After the rare feature elimination process, the relevant opcodes that contribute highly towards the target class are selected, thereby forming a relevant feature set. The next phase is to remove the redundant features that are present in the relevant feature set using the Markov Blanket approach. The prominent features extracted are used for generating the training models, and unseen instances are tested using the optimal models. The proposed system is capable of detecting the NGVCK viruses and MWORM with an accuracy of 100% using the meta opcode space of 25 features. A promising F1-score of 1.0 was obtained, and the results demonstrate the efficiency of the proposed metamorphic malware detector.