DocumentCode
1957839
Title
Malicious Code Detection Using Penalized Splines on OPcode Frequency
Author
Alazab, Mostafa ; Kadiri, M.A. ; Venkatraman, S. ; Al-Nemrat, Ameer
Author_Institution
Centre of Excellence in Policing & Security (CEPS), Australian Nat. Univ. (ANU), Canberra, ACT, Australia
fYear
2012
fDate
29-30 Oct. 2012
Firstpage
38
Lastpage
47
Abstract
Recently, malicious software are gaining exponential growth due to the innumerable obfuscations of extended x86 IA-32 (OPcodes) that are being employed to evade from traditional detection methods. In this paper, we design a novel distinguisher to separate malware from benign that combines Multivariate Logistic Regression model using kernel HS in Penalized Splines along with OPcode frequency feature selection technique for efficiently detecting obfuscated malware. The main advantage of our penalized splines based feature selection technique is its performance capability achieved through the efficient filtering and identification of the most important OPcodes used in the obfuscation of malware. This is demonstrated through our successful implementation and experimental results of our proposed model on large malware datasets. The presented approach is effective at identifying previously examined malware and non-malware to assist in reverse engineering.
Keywords
invasive software; OPcode frequency feature selection; exponential growth; innumerable obfuscation; malicious code detection; malicious software; malware dataset; malware obfuscation; multivariate logistic regression model; obfuscated malware detection; penalized splines based feature selection; reverse engineering; Cybercrime.; Malware detection; Multivariate statistics; Obfuscation; Operation codes; Penalised splines;
fLanguage
English
Publisher
ieee
Conference_Titel
Cybercrime and Trustworthy Computing Workshop (CTC), 2012 Third
Conference_Location
Ballarat, VIC
Print_ISBN
978-1-4673-6460-7
Type
conf
DOI
10.1109/CTC.2012.15
Filename
6498426
Link To Document