DocumentCode :
264255
Title :
N-gram density based malware detection
Author :
O'Kane, Philip ; Sezer, Sakir ; McLaughlin, Keiran
Author_Institution :
Centre for Secure Inf. Technol., Queen's Univ. Belfast, Belfast, UK
fYear :
2014
fDate :
18-20 Jan. 2014
Firstpage :
1
Lastpage :
6
Abstract :
N-gram analysis is an approach that investigates the structure of a program using bytes, characters or text strings. This research uses dynamic analysis to investigate malware detection using a classification approach based on N-gram analysis. The motivation for this research is to find a subset of N-gram features that makes a robust indicator of malware. The experiments within this paper represent programs as N-gram density histograms, gained through dynamic analysis. A Support Vector Machine (SVM) is used as the program classifier to determine the ability of N-grams to correctly determine the presence of malicious software. The preliminary findings show that an N-gram size N=3 and N=4 present the best avenues for further analysis.
Keywords :
invasive software; pattern classification; support vector machines; N-gram analysis; N-gram density histograms; SVM; classification approach; malware detection; support vector machine; Information technology; Malware; Support vector machines; Three-dimensional displays; Malware; N-gram; Support Vector Machine;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Applications & Research (WSCAR), 2014 World Symposium on
Conference_Location :
Sousse
Print_ISBN :
978-1-4799-2805-7
Type :
conf
DOI :
10.1109/WSCAR.2014.6916806
Filename :
6916806