DocumentCode
604948
Title
Relevant hex patterns for malcode detection
Author
Naval, S. ; Meena, Y. ; Laxmi, V. ; Vinod, P.
Author_Institution
Malaviya Nat. Inst. of Technol., Jaipur, India
fYear
2013
fDate
1-2 March 2013
Firstpage
334
Lastpage
337
Abstract
Malware poses a big threat to computer systems nowadays. Malware authors often use encryption/compression methods to conceal their malicious executables' data and code. These methods, which transform some or all of the original bytes into a series of random-looking data bytes, appear in 80 to 90% of malware samples. This fact creates special challenges for anti-virus scanners that use static and dynamic methods to analyze large malware collections. In this paper we propose a method to identify malware executables by reading the initial 2500 byte patterns of the sample. Our method reduces overall scanner execution time by considering 2500 bytes instead of the whole file. Experimental results are evaluated using different classification algorithms (Random Forest, Ada-Boost, IBK, J48, Naïve-Bayes) followed by a feature selection method.
Keywords
computer network security; computer viruses; cryptography; data compression; pattern classification; random processes; antivirus scanner; classification algorithm; compression method; computer system; dynamic method; encryption; feature selection method; malcode detection; malicious executables code; malicious executables data; malware; random looking data bytes; relevant hex pattern; scanner execution time; static method; Accuracy; Data mining; Feature extraction; Malware; Signal processing algorithms; Support vector machine classification; Training; Evaluation Metrics; Malware; Random Forest; cross-validation; mRMR;
fLanguage
English
Publisher
ieee
Conference_Titel
Intelligent Systems and Signal Processing (ISSP), 2013 International Conference on
Conference_Location
Gujarat
Print_ISBN
978-1-4799-0316-0
Type
conf
DOI
10.1109/ISSP.2013.6526930
Filename
6526930