DocumentCode :
604948
Title :
Relevant hex patterns for malcode detection
Author :
Naval, S. ; Meena, Y. ; Laxmi, V. ; Vinod, P.
Author_Institution :
Malaviya Nat. Inst. of Technol., Jaipur, India
fYear :
2013
fDate :
1-2 March 2013
Firstpage :
334
Lastpage :
337
Abstract :
Malware poses a big threat to computer systems nowadays. Malware authors often use encryption/compression methods to conceal their malicious executables' data and code. These methods, which transform some or all of the original bytes into a series of random-looking data bytes, appear in 80 to 90% of malware samples. This fact creates special challenges for anti-virus scanners that use static and dynamic methods to analyze large malware collections. In this paper we propose a method to identify malware executables by reading the initial 2500 byte patterns of the sample. Our method reduces overall scanner execution time by considering 2500 bytes instead of the whole file. Experimental results are evaluated using different classification algorithms (Random Forest, Ada-Boost, IBK, J48, Naïve-Bayes) followed by a feature selection method.
Keywords :
computer network security; computer viruses; cryptography; data compression; pattern classification; random processes; antivirus scanner; classification algorithm; compression method; computer system; dynamic method; encryption; feature selection method; malcode detection; malicious executables code; malicious executables data; malware; random looking data bytes; relevant hex pattern; scanner execution time; static method; Accuracy; Data mining; Feature extraction; Malware; Signal processing algorithms; Support vector machine classification; Training; Evaluation Metrics; Malware; Random Forest; cross-validation; mRMR;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Intelligent Systems and Signal Processing (ISSP), 2013 International Conference on
Conference_Location :
Gujarat
Print_ISBN :
978-1-4799-0316-0
Type :
conf
DOI :
10.1109/ISSP.2013.6526930
Filename :
6526930