Title :
A Hybrid Model to Detect Malicious Executables
Author :
Masud, M.M. ; Khan, Latifur ; Thuraisingham, Bhavani
Author_Institution :
Univ. of Texas at Dallas, Richardson
Abstract :
We present a hybrid data mining approach to detect malicious executables. In this approach we identify important features of malicious and benign executables. These features are used by a classifier to learn a classification model that can distinguish between malicious and benign executables. We construct a novel combination of three different kinds of features: binary n-grams, assembly n-grams, and library function calls. Binary features are extracted from the binary executables, whereas assembly features are extracted from the disassembled executables. The function call features are extracted from the program headers. We also propose an efficient and scalable feature extraction technique. We apply our model to a large corpus of real benign and malicious executables. We extract the above-mentioned features from the data and train a classifier using a support vector machine. This classifier achieves a very high accuracy and a low false positive rate in detecting malicious executables. Our model is compared with other feature-based approaches and is found to be more efficient in terms of detection accuracy and false alarm rate.
Keywords :
feature extraction; security of data; support vector machines; assembly n-grams; binary n-grams; classification model; feature extraction technique; hybrid data mining approach; hybrid model; library function calls; malicious executables detection; support vector machine; Assembly; Communications Society; Computer Society; Computer science; Data mining; Feature extraction; Libraries; Mobile computing; Support vector machine classification; Support vector machines;
Conference_Title :
Communications, 2007. ICC '07. IEEE International Conference on
Conference_Location :
Glasgow
Print_ISBN :
1-4244-0353-7
DOI :
10.1109/ICC.2007.242