Polymorphic Malware Detection Using Sequence Classification Methods

2016 IEEE Security and Privacy Workshops (SPW) Pub Date : 2016-05-22 DOI:10.1109/SPW.2016.30

Jake Drew, T. Moore, Michael Hahsler

{"title":"Polymorphic Malware Detection Using Sequence Classification Methods","authors":"Jake Drew, T. Moore, Michael Hahsler","doi":"10.1109/SPW.2016.30","DOIUrl":null,"url":null,"abstract":"Polymorphic malware detection is challenging due to the continual mutations miscreants introduce to successive instances of a particular virus. Such changes are akin to mutations in biological sequences. Recently, high-throughput methods for gene sequence classification have been developed by the bioinformatics and computational biology communities. In this paper, we argue that these methods can be usefully applied to malware detection. Unfortunately, gene classification tools are usually optimized for and restricted to an alphabet of four letters (nucleic acids). Consequently, we have selected the Strand gene sequence classifier, which offers a robust classification strategy that can easily accommodate unstructured data with any alphabet including source code or compiled machine code. To demonstrate Stand's suitability for classifying malware, we execute it on approximately 500GB of malware data provided by the Kaggle Microsoft Malware Classification Challenge (BIG 2015) used for predicting 9 classes of polymorphic malware. Experiments show that, with minimal adaptation, the method achieves accuracy levels well above 95% requiring only a fraction of the training times used by the winning team's method.","PeriodicalId":341207,"journal":{"name":"2016 IEEE Security and Privacy Workshops (SPW)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"55","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Security and Privacy Workshops (SPW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPW.2016.30","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 55

Abstract

Polymorphic malware detection is challenging due to the continual mutations miscreants introduce to successive instances of a particular virus. Such changes are akin to mutations in biological sequences. Recently, high-throughput methods for gene sequence classification have been developed by the bioinformatics and computational biology communities. In this paper, we argue that these methods can be usefully applied to malware detection. Unfortunately, gene classification tools are usually optimized for and restricted to an alphabet of four letters (nucleic acids). Consequently, we have selected the Strand gene sequence classifier, which offers a robust classification strategy that can easily accommodate unstructured data with any alphabet including source code or compiled machine code. To demonstrate Stand's suitability for classifying malware, we execute it on approximately 500GB of malware data provided by the Kaggle Microsoft Malware Classification Challenge (BIG 2015) used for predicting 9 classes of polymorphic malware. Experiments show that, with minimal adaptation, the method achieves accuracy levels well above 95% requiring only a fraction of the training times used by the winning team's method.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于序列分类方法的多态恶意软件检测

多态恶意软件的检测是具有挑战性的，因为连续突变的不法分子引入到一个特定的病毒的连续实例。这种变化类似于生物序列的突变。近年来，生物信息学和计算生物学领域发展了高通量的基因序列分类方法。在本文中，我们认为这些方法可以有效地应用于恶意软件检测。不幸的是，基因分类工具通常是针对四个字母(核酸)的字母表进行优化和限制的。因此，我们选择了Strand基因序列分类器，它提供了一个强大的分类策略，可以很容易地适应任何字母表的非结构化数据，包括源代码或编译的机器码。为了证明Stand对恶意软件分类的适用性，我们在Kaggle微软恶意软件分类挑战赛(BIG 2015)提供的大约500GB的恶意软件数据上执行它，用于预测9类多态恶意软件。实验表明，在最小的适应性下，该方法只需要获胜团队所用训练时间的一小部分，就能达到95%以上的准确率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2016 IEEE Security and Privacy Workshops (SPW)

自引率

0.00%

发文量