Hybrid concentration based feature extraction approach for malware detection

In this paper, a hybrid concentration based feature extraction (HCFE) approach is proposed. The HCFE approach extracts the hybrid concentration (HC) of a sample in both the global resolution and the local resolution. The HC of a sample characterizes the sample more precisely and completely by taking the global information and local information into account at the same time. With the help of the co-operation of the global and local information, the HC discards the bias of the global concentration (GC) to the global information and the local concentration (LC) to the local information, respectively. In order to incorporate the HCFE approach into the procedure of malware detection, a HC-based malware detection (HCMD) method is proposed. Eight groups of experiments on three public malware datasets are exploited to evaluate the effectiveness of the HCMD method using cross validation. Comprehensive experimental results suggest that the HC of a sample extracted by the HCFE approach characterizes the sample more precisely and completely than the GC and LC. The proposed HCMD method outperforms the GC-based and the LC-based malware detection methods in all the experiments for about 1.05% and 0.28% on average, respectively.