• DocumentCode
    29829
  • Title

    SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection

  • Author

    O'Kane, P.; Sezer, Sakir; McLaughlin, Keiran; Eul Gyu Im

  • Author_Institution
    Centre for Secure Inf. Technol., Queen's Univ. Belfast, Belfast, UK
  • Volume
    8
  • Issue
    3
  • fYear
    2013
  • fDate
    Mar-13
  • Firstpage
    500
  • Lastpage
    509
  • Abstract
    N-gram analysis is an approach that investigates the structure of a program using bytes, characters, or text strings. A key issue with N-gram analysis is feature selection amidst the explosion of features that occurs when N is increased. The experiments within this paper represent programs as operational code (opcode) density histograms gained through dynamic analysis. A support vector machine is used to create a reference model, which is used to evaluate two methods of feature reduction, which are “area of intersect” and “subspace analysis using eigenvectors.” The findings show that the relationships between features are complex and simple statistics filtering approaches do not provide a viable approach. However, eigenvector subspace analysis produces a suitable filter.
  • Keywords
    eigenvalues and eigenfunctions; invasive software; statistical analysis; support vector machines; N-gram analysis; SVM training phase reduction; dataset feature filtering; density histograms; eigenvector subspace analysis; feature reduction; feature selection; malware detection; reference model; statistics filtering; support vector machine; Filtering; Kernel; Malware; Materials; Support vector machines; Training; KNN; SVM; metamorphism malware; obfuscation; packers; polymorphism;
  • fLanguage
    English
  • Journal_Title
    Information Forensics and Security, IEEE Transactions on
  • Publisher
    ieee
  • ISSN
    1556-6013
  • Type

    jour

  • DOI
    10.1109/TIFS.2013.2242890
  • Filename
    6420939