Title :
Malicious Code Detection Using Penalized Splines on OPcode Frequency
Author :
Alazab, Mostafa ; Kadiri, M.A. ; Venkatraman, S. ; Al-Nemrat, Ameer
Author_Institution :
Centre of Excellence in Policing & Security (CEPS), Australian Nat. Univ. (ANU), Canberra, ACT, Australia
Abstract :
Recently, malicious software are gaining exponential growth due to the innumerable obfuscations of extended x86 IA-32 (OPcodes) that are being employed to evade from traditional detection methods. In this paper, we design a novel distinguisher to separate malware from benign that combines Multivariate Logistic Regression model using kernel HS in Penalized Splines along with OPcode frequency feature selection technique for efficiently detecting obfuscated malware. The main advantage of our penalized splines based feature selection technique is its performance capability achieved through the efficient filtering and identification of the most important OPcodes used in the obfuscation of malware. This is demonstrated through our successful implementation and experimental results of our proposed model on large malware datasets. The presented approach is effective at identifying previously examined malware and non-malware to assist in reverse engineering.
Keywords :
invasive software; OPcode frequency feature selection; exponential growth; innumerable obfuscation; malicious code detection; malicious software; malware dataset; malware obfuscation; multivariate logistic regression model; obfuscated malware detection; penalized splines based feature selection; reverse engineering; Cybercrime.; Malware detection; Multivariate statistics; Obfuscation; Operation codes; Penalised splines;
Conference_Titel :
Cybercrime and Trustworthy Computing Workshop (CTC), 2012 Third
Conference_Location :
Ballarat, VIC
Print_ISBN :
978-1-4673-6460-7
DOI :
10.1109/CTC.2012.15
