P. Vinod, V. Laxmi, M. Gaur, Smita Naval, Parvez Faruki
MCF: MultiComponent Features for Malware Analysis
2013 27th International Conference on Advanced Information Networking and Applications Workshops, published 2013-03-25. DOI: 10.1109/WAINA.2013.147 (https://doi.org/10.1109/WAINA.2013.147)
In this paper, we use machine learning techniques to classify a Portable Executable (PE) file as malware or benign. This is achieved by extracting a new feature, referred to as the MultiComponent Feature, composed of (a) PE metadata, (b) Principal Instruction Code (PIC), (c) mnemonic bi-grams and (d) prominent unigrams that characterize malware/benign files. Reduced feature sets are obtained using feature selection and reduction methods such as Minimum Redundancy and Maximum Relevance (mRMR), Principal Component Analysis (PCA) and prominent EigenVector Feature (EVF). We demonstrate that amongst mRMR, PCA and EVF, the mRMR feature selection method is suitable for extracting optimal PE attributes. The performance of our proposed method is compared with similar work reported in the previous literature, and we have found that the detection rate of our methodology is better than that of prior work. This suggests that the proposed method can be used effectively for the identification of malicious files.