• DocumentCode
    1957839
  • Title

    Malicious Code Detection Using Penalized Splines on OPcode Frequency

  • Author

    Alazab, Mostafa ; Kadiri, M.A. ; Venkatraman, S. ; Al-Nemrat, Ameer

  • Author_Institution
    Centre of Excellence in Policing & Security (CEPS), Australian Nat. Univ. (ANU), Canberra, ACT, Australia
  • fYear
    2012
  • fDate
    29-30 Oct. 2012
  • Firstpage
    38
  • Lastpage
    47
  • Abstract
    Recently, malicious software are gaining exponential growth due to the innumerable obfuscations of extended x86 IA-32 (OPcodes) that are being employed to evade from traditional detection methods. In this paper, we design a novel distinguisher to separate malware from benign that combines Multivariate Logistic Regression model using kernel HS in Penalized Splines along with OPcode frequency feature selection technique for efficiently detecting obfuscated malware. The main advantage of our penalized splines based feature selection technique is its performance capability achieved through the efficient filtering and identification of the most important OPcodes used in the obfuscation of malware. This is demonstrated through our successful implementation and experimental results of our proposed model on large malware datasets. The presented approach is effective at identifying previously examined malware and non-malware to assist in reverse engineering.
  • Keywords
    invasive software; OPcode frequency feature selection; exponential growth; innumerable obfuscation; malicious code detection; malicious software; malware dataset; malware obfuscation; multivariate logistic regression model; obfuscated malware detection; penalized splines based feature selection; reverse engineering; Cybercrime.; Malware detection; Multivariate statistics; Obfuscation; Operation codes; Penalised splines;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Cybercrime and Trustworthy Computing Workshop (CTC), 2012 Third
  • Conference_Location
    Ballarat, VIC
  • Print_ISBN
    978-1-4673-6460-7
  • Type

    conf

  • DOI
    10.1109/CTC.2012.15
  • Filename
    6498426