DocumentCode :
2487281
Title :
Kernel machines for malware classification and similarity analysis
Author :
Shankarapani, M. ; Kancherla, K. ; Ramammoorthy, S. ; Movva, R. ; Mukkamala, S.
fYear :
2010
fDate :
18-23 July 2010
Firstpage :
1
Lastpage :
6
Abstract :
In this paper we present a method, based on kernel machines, for functionally classifying malicious code that might lead to automated attacks and intrusions. We study the performance of kernel methods in terms of the robustness and generalization capabilities of malware classification. Current static detection and scanning techniques for malicious code and malware have serious limitations; on the other hand, sandbox testing does not provide a completely satisfactory solution either, because of time constraints (e.g., a time bomb cannot be detected before its preset time expires). Results show that malware analysis based on the Windows API calling sequence, which reflects the behavior of a particular piece of code, classifies malware with good accuracy. We also show that classification accuracy varies with the kernel type and the parameter values; thus, with appropriately chosen parameter values, intrusions can be detected by SVMs with higher accuracy and lower false-alarm rates.
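The abstract describes the pipeline only in outline: a Windows API calling sequence captured per sample, a kernel that scores the similarity between two samples, and a kernel machine trained on labelled samples. The following Python is an added illustration of that shape, not the authors' code; the record does not state which features, kernels or parameter values the paper used, so the bigram counting, the linear and RBF kernels, the cosine similarity and the kernel perceptron (a simpler stand-in for an SVM) are all assumptions made here, and the API traces are constructed toy data, not real malware.

```python
"""Kernel machines over Windows API call sequences.

Added illustration, not the paper's code. Each sample is a sequence of API
names (as a sandbox trace would record them), turned into bigram counts.
A kernel gives the pairwise similarity between two traces; a kernel
perceptron trained on labelled traces then classifies unseen ones. The
n-gram features, the kernels and the perceptron are assumptions made here,
not details taken from the paper.
"""
import math
from collections import Counter

MALWARE, BENIGN = 1, -1

# Constructed toy traces (not real malware data): process injection plus
# registry persistence for the malicious ones, plain file and registry reads
# for the benign ones.
TRAINING = [
    (["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
      "RegSetValueExW", "CloseHandle"], MALWARE),
    (["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
      "CloseHandle", "RegSetValueExW"], MALWARE),
    (["CreateFileW", "WriteFile", "CloseHandle", "RegSetValueExW", "CreateProcessW"], MALWARE),
    (["CreateFileW", "ReadFile", "ReadFile", "CloseHandle"], BENIGN),
    (["CreateFileW", "WriteFile", "CloseHandle", "GetSystemTimeAsFileTime"], BENIGN),
    (["RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey"], BENIGN),
]


def ngram_counts(calls, n=2):
    """Sparse feature vector: how often each n-gram of consecutive API calls occurs."""
    return Counter(tuple(calls[i:i + n]) for i in range(len(calls) - n + 1))


def linear_kernel(a, b):
    """Dot product of two sparse count vectors (shared n-grams, weighted by count)."""
    return sum(c * b[g] for g, c in a.items() if g in b)


def rbf_kernel(a, b, gamma=0.5):
    """Gaussian kernel exp(-gamma * ||a-b||^2), derived from the linear kernel.
    gamma is the kind of parameter whose value changes classification accuracy."""
    sq_dist = linear_kernel(a, a) - 2 * linear_kernel(a, b) + linear_kernel(b, b)
    return math.exp(-gamma * sq_dist)


def cosine_similarity(a, b):
    """Similarity score in [0, 1] between two traces (e.g. for variant analysis)."""
    denom = math.sqrt(linear_kernel(a, a) * linear_kernel(b, b))
    return linear_kernel(a, b) / denom if denom else 0.0


def train_kernel_perceptron(samples, kernel=linear_kernel, epochs=20):
    """Kernel perceptron: one weight alpha_j per training sample; the decision
    function is sum_j alpha_j * y_j * K(x_j, x). Stops once an epoch makes no
    mistakes."""
    feats = [(ngram_counts(calls), label) for calls, label in samples]
    alphas = [0] * len(feats)
    for _ in range(epochs):
        mistakes = 0
        for i, (x_i, y_i) in enumerate(feats):
            score = sum(alphas[j] * y_j * kernel(x_j, x_i)
                        for j, (x_j, y_j) in enumerate(feats))
            if y_i * score <= 0:      # misclassified, or exactly on the boundary
                alphas[i] += 1
                mistakes += 1
        if mistakes == 0:
            break
    return feats, alphas


def classify(calls, model, kernel=linear_kernel):
    """Return MALWARE or BENIGN for an unseen API call sequence."""
    feats, alphas = model
    x = ngram_counts(calls)
    score = sum(alphas[j] * y_j * kernel(x_j, x) for j, (x_j, y_j) in enumerate(feats))
    return MALWARE if score > 0 else BENIGN


if __name__ == "__main__":
    model = train_kernel_perceptron(TRAINING)
    unseen = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
    print("verdict:", "malware" if classify(unseen, model) == MALWARE else "benign")
    a, b = ngram_counts(TRAINING[0][0]), ngram_counts(TRAINING[1][0])
    print("similarity of the two injector variants: %.2f" % cosine_similarity(a, b))
```

Because every kernel here is computed from the same bigram dot product, swapping `kernel=rbf_kernel` into `train_kernel_perceptron` and `classify` changes only the similarity geometry, which is the practical meaning of the abstract's remark that accuracy depends on kernel type and parameters: a very small `gamma` makes every pair of traces look alike, a very large one makes every trace look unlike all others. A time bomb whose payload never fires in the sandbox would produce a benign-looking trace and be misclassified here too, which is the limitation the abstract notes for sandbox testing.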
Keywords :
invasive software; pattern classification; support vector machines; SVM; Windows API calling sequence; automated attacks; kernel machines; malicious code; malware classification; sandbox testing; scanning techniques; similarity analysis; static detection; time constraints; Accuracy; Correlation; Databases; Kernel; Malware; Support vector machines;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Neural Networks (IJCNN), The 2010 International Joint Conference on
Conference_Location :
Barcelona
ISSN :
1098-7576
Print_ISBN :
978-1-4244-6916-1
Type :
conf
DOI :
10.1109/IJCNN.2010.5596339
Filename :
5596339