• DocumentCode
    264255
  • Title

    N-gram density based malware detection

  • Author

    O'Kane, Philip ; Sezer, Sakir ; McLaughlin, Keiran

  • Author_Institution
    Centre for Secure Inf. Technol., Queen's Univ. Belfast, Belfast, UK
  • fYear
    2014
  • fDate
    18-20 Jan. 2014
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    N-gram analysis is an approach that investigates the structure of a program using bytes, characters or text strings. This research uses dynamic analysis to investigate malware detection using a classification approach based on N-gram analysis. The motivation for this research is to find a subset of N-gram features that makes a robust indicator of malware. The experiments within this paper represent programs as N-gram density histograms, gained through dynamic analysis. A Support Vector Machine (SVM) is used as the program classifier to determine the ability of N-grams to correctly determine the presence of malicious software. The preliminary findings show that N-gram sizes N=3 and N=4 present the best avenues for further analysis.
  • Keywords
    invasive software; pattern classification; support vector machines; N-gram analysis; N-gram density histograms; SVM; classification approach; malware detection; support vector machine; Information technology; Malware; Support vector machines; Three-dimensional displays; Malware; N-gram; Support Vector Machine;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Applications & Research (WSCAR), 2014 World Symposium on
  • Conference_Location
    Sousse
  • Print_ISBN
    978-1-4799-2805-7
  • Type

    conf

  • DOI
    10.1109/WSCAR.2014.6916806
  • Filename
    6916806