Title :
Discriminant features for metamorphic malware detection
Author :
Kuriakose, Jeril ; Vinod, P.
Author_Institution :
Dept. of Comput. Sci. & Eng., SCMS Sch. of Eng. & Technol., Karukutty, India
Abstract :
To unfold a solution for the detection of metamorphic viruses (obfuscated malware), we propose a non signature based approach using feature selection techniques such as Categorical Proportional Difference (CPD), Weight of Evidence of Text (WET), Term Frequency-Inverse Document Frequency (TF-IDF) and Term Frequency-Inverse Document Frequency-Class Frequency (TF-IDF-CF). Feature selection methods are employed to rank and prune bi-gram features obtained from malware and benign files. Synthesized features are further evaluated for their prominence in either of the classes. Using our proposed methodology 100% accuracy is obtained with test samples. Hence, we argue that the statistical scanner proposed by us can identify future metamorphic variants and can assist antiviruses with high accuracy.
Keywords :
computer viruses; feature extraction; statistical analysis; CPD; TF-IDF-CF; WET; antivirus; benign files; bigram feature pruning; bigram feature ranking; categorical proportional difference; discriminant features; feature selection technique; feature synthesis; metamorphic malware detection; metamorphic variant identification; metamorphic virus detection; nonsignature based approach; obfuscated malware; statistical scanner; term frequency-inverse document frequency-class frequency; weight of evidence of text; Accuracy; Detectors; Feature extraction; Hidden Markov models; Malware; Measurement; Viruses (medical); classifiers; discriminant; feature selection; metamorphic malware; obfuscation;
Conference_Titel :
Contemporary Computing (IC3), 2014 Seventh International Conference on
Conference_Location :
Noida
Print_ISBN :
978-1-4799-5172-7
DOI :
10.1109/IC3.2014.6897208
