
Automatic code features extraction using bio-inspired algorithms

  • Invited Paper

Journal of Computer Virology and Hacking Techniques

Abstract

The number of malicious applications that appear every day has grown beyond what manual analysis can handle. In their attempt to spread beyond personal computers, malware authors use new platforms such as Android, iOS and .NET. The latter has the advantage of being present both on desktop computers running Windows Vista or later and on Windows Phone devices. Previous studies in the malware classification field have used the concept of OpCode \(n\)-grams: sequences of consecutive operation codes that can be extracted from any type of application. In this paper we show an improvement to this method: eliminating some of the OpCodes in order to get better classification results. The OpCode selection is performed by two bio-inspired algorithms. First, a fitness function was designed that measures how well some clusters of methods can be detected. Then, a possible solution was encoded as a chromosome in a Genetic Algorithm and as a particle in Particle Swarm Optimization. Both methods found good OpCode subsets that successfully detected the clusters in the cross-validation tests. The results presented in this paper show that biology can be a source of inspiration not only for computer viruses but also for new methods to combat them.



Corresponding author

Correspondence to Ciprian Oprişa.

Cite this article

Oprişa, C., Cabău, G. & Coleşa, A. Automatic code features extraction using bio-inspired algorithms. J Comput Virol Hack Tech 10, 165–176 (2014). https://doi.org/10.1007/s11416-013-0191-6

  • DOI: https://doi.org/10.1007/s11416-013-0191-6
