Title :
Linux malware detection using non-parametric statistical methods
Author :
Asmitha, K.A. ; Vinod, P.
Author_Institution :
Dept. of Comput. Sci. & Eng., SCMS Sch. of Eng. & Technol., Ernakulam, India
Abstract :
Linux is the most renowned open source operating system. In recent years the number of malware samples targeting Linux has increased, and traditional defence mechanisms appear to be futile against them. We propose a novel non-parametric statistical approach using machine learning techniques for identifying previously unknown malicious Executable Linkable Files (ELF). System calls, extracted dynamically within a controlled environment, are employed as features. The proposed approach ranks the features and determines the prominent ones using non-parametric statistical methods such as the Kruskal-Wallis ranking test (KW) and Deviation From Poisson (DFP). Three learning algorithms (J48, Adaboost and Random Forest) are applied to generate the prediction model from a minimal set of features extracted from the system call traces. The optimal feature vector resulted in an overall classification accuracy of 97.30% in identifying unknown malicious specimens.
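The Kruskal-Wallis ranking step the abstract describes, as an added illustration that is not code from the paper: per-sample system-call counts are the observations, the class labels are the groups, and each syscall feature is scored by its tie-corrected H statistic. The syscall traces, the pure-Python H computation and the function names are all constructed assumptions.

```python
# Kruskal-Wallis ranking of system-call features (added example, not the paper's code).
# Each feature is a per-sample call count; classes are the sample labels; larger H
# means the feature separates the classes better. All sample data is constructed.
from collections import Counter

# Constructed per-sample syscall counts, label -> list of Counters.
SAMPLES = {
    "benign":  [Counter({"read": 40, "write": 35, "open": 10, "ptrace": 0}),
                Counter({"read": 55, "write": 30, "open": 12, "ptrace": 0}),
                Counter({"read": 48, "write": 41, "open": 9, "ptrace": 0})],
    "malware": [Counter({"read": 42, "write": 33, "open": 30, "ptrace": 3}),
                Counter({"read": 50, "write": 36, "open": 28, "ptrace": 5}),
                Counter({"read": 47, "write": 39, "open": 35, "ptrace": 4})],
}

def average_ranks(values):
    """Rank values 1..N; tied values share the mean of their positions."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    ranks = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        mean_rank = (i + j + 2) / 2.0  # 1-based positions i+1 .. j+1
        for k in range(i, j + 1):
            ranks[order[k]] = mean_rank
        i = j + 1
    return ranks

def kruskal_wallis_h(groups):
    """Tie-corrected Kruskal-Wallis H for a list of groups of observations."""
    values = [v for g in groups for v in g]
    n = len(values)
    ranks = average_ranks(values)
    h, pos = 0.0, 0
    for g in groups:
        h += sum(ranks[pos:pos + len(g)]) ** 2 / len(g)
        pos += len(g)
    h = 12.0 / (n * (n + 1)) * h - 3 * (n + 1)
    ties = sum(t ** 3 - t for t in Counter(values).values() if t > 1)
    correction = 1 - ties / (n ** 3 - n)  # 0 only if every value is identical
    return h / correction if correction else 0.0

def rank_features(samples):
    """(feature, H) pairs, most class-discriminating syscall first."""
    feats = sorted({f for traces in samples.values() for c in traces for f in c})
    scores = {f: kruskal_wallis_h([[c[f] for c in traces] for traces in samples.values()])
              for f in feats}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
```

With the constructed traces, `ptrace` and `open` rank far above `read` and `write`, which is the kind of minimal feature set the abstract feeds to the classifiers.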
Keywords :
Linux; invasive software; learning (artificial intelligence); statistical testing; Adaboost learning algorithm; DFP method; ELF; J48 learning algorithm; KW; Kruskal-Wallis ranking test; Linux OS; Linux malware detection; deviation from Poisson method; executable linkable files; machine learning techniques; nonparametric statistical methods; open source operating system; random forest learning algorithm; system call traces; Accuracy; Computational modeling; Feature extraction; Linux; Malware; Predictive models; Training; classifiers; dynamic analysis; feature selection; non-parametric; system call analysis;
Conference_Title :
Advances in Computing, Communications and Informatics (ICACCI), 2014 International Conference on
Conference_Location :
New Delhi
Print_ISBN :
978-1-4799-3078-4
DOI :
10.1109/ICACCI.2014.6968611