DocumentCode
234778
Title
Discriminant features for metamorphic malware detection
Author
Kuriakose, Jeril ; Vinod, P.
Author_Institution
Dept. of Comput. Sci. & Eng., SCMS Sch. of Eng. & Technol., Karukutty, India
fYear
2014
fDate
7-9 Aug. 2014
Firstpage
406
Lastpage
411
Abstract
To unfold a solution for the detection of metamorphic viruses (obfuscated malware), we propose a non-signature-based approach using feature selection techniques such as Categorical Proportional Difference (CPD), Weight of Evidence of Text (WET), Term Frequency-Inverse Document Frequency (TF-IDF) and Term Frequency-Inverse Document Frequency-Class Frequency (TF-IDF-CF). Feature selection methods are employed to rank and prune bi-gram features obtained from malware and benign files. Synthesized features are further evaluated for their prominence in either of the classes. Using our proposed methodology, 100% accuracy is obtained with test samples. Hence, we argue that the statistical scanner proposed by us can identify future metamorphic variants and can assist antiviruses with high accuracy.
Keywords
computer viruses; feature extraction; statistical analysis; CPD; TF-IDF-CF; WET; antivirus; benign files; bigram feature pruning; bigram feature ranking; categorical proportional difference; discriminant features; feature selection technique; feature synthesis; metamorphic malware detection; metamorphic variant identification; metamorphic virus detection; nonsignature based approach; obfuscated malware; statistical scanner; term frequency-inverse document frequency-class frequency; weight of evidence of text; Accuracy; Detectors; Feature extraction; Hidden Markov models; Malware; Measurement; Viruses (medical); classifiers; discriminant; feature selection; metamorphic malware; obfuscation;
fLanguage
English
Publisher
IEEE
Conference_Titel
Contemporary Computing (IC3), 2014 Seventh International Conference on
Conference_Location
Noida
Print_ISBN
978-1-4799-5172-7
Type
conf
DOI
10.1109/IC3.2014.6897208
Filename
6897208