
Empirical Study on Features Recommended by LSVC in Classifying Unknown Windows Malware

Conference paper in: Soft Computing for Problem Solving. Part of the book series Advances in Intelligent Systems and Computing (AISC, volume 817).

Abstract

Modern malware has evolved considerably and has become sophisticated enough to evade existing detection techniques. To defend against this advanced class of malware, behaviour-based malware detection has emerged as an essential complement to static detection. The main challenge in this approach is to identify the significant features within the original feature set. The objective of this work was to explore the effectiveness of linear support vector classification (LSVC) in choosing prominent features from an original feature set derived from behaviour reports generated by the Cuckoo sandbox. The proposed malware detection system (MDS) runs the Windows executable under examination in the Cuckoo sandbox to obtain its runtime behaviour report. Features are extracted from that report, and LSVC is then applied to the extracted features to recognize the crucial ones, which boost the detection ability of the MDS. The efficiency of the proposed MDS was evaluated on real-world malware samples using tenfold cross-validation. The experimental results demonstrate that the proposed MDS accurately distinguishes malware from benign executable files, attaining a detection accuracy of 98.429% with the sequential minimal optimization (SMO) classifier.
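The pipeline the abstract describes (sandbox behaviour report, feature extraction, LSVC-based feature selection, classification) is shown below as an added example; it is not the paper's code or data. It assumes the nested shape of a Cuckoo JSON report (behavior → processes → calls → api), uses constructed mini-reports with hypothetical API names, and implements an L1-regularised linear SVM by hand (the reading of "LSVC" assumed here) instead of calling a library. The L1 penalty drives uninformative weights toward zero, so the surviving weights rank the features; the same linear model is then reused for prediction, whereas the paper trains a separate SMO classifier on the selected features.

```python
"""Added example (not the paper's code): Cuckoo-style behaviour report ->
API-call presence features -> L1-regularised linear SVC as feature selector
-> linear classifier. All reports and API names below are constructed."""
import json
from typing import List, Sequence, Set, Tuple


def make_report(apis: Sequence[str]) -> str:
    """Constructed mini-report in the shape of a Cuckoo JSON report
    (behavior -> processes -> calls -> api); not real sandbox output."""
    calls = [{"api": name, "category": "system"} for name in apis]
    return json.dumps({"behavior": {"processes": [
        {"process_name": "sample.exe", "pid": 1234, "calls": calls}]}})


# Constructed corpus, label +1 = malware, -1 = benign. CreateFileW and
# GetTickCount are deliberately shared by both classes (uninformative); the
# other API names are class-specific. Sample order alternates the classes.
CORPUS: List[Tuple[str, int]] = [
    (make_report(["CreateFileW", "WriteProcessMemory", "CreateRemoteThread"]), +1),
    (make_report(["CreateFileW", "ReadFile", "GetSystemTimeAsFileTime"]), -1),
    (make_report(["GetTickCount", "WriteProcessMemory", "CreateRemoteThread"]), +1),
    (make_report(["GetTickCount", "ReadFile", "GetSystemTimeAsFileTime"]), -1),
    (make_report(["WriteProcessMemory", "CreateRemoteThread"]), +1),
    (make_report(["CreateFileW", "ReadFile", "GetSystemTimeAsFileTime"]), -1),
    (make_report(["CreateRemoteThread", "WriteProcessMemory"]), +1),
    (make_report(["ReadFile", "GetSystemTimeAsFileTime"]), -1),
]


def extract_api_features(report: str) -> Set[str]:
    """Collect the set of API names called by any process in the report."""
    doc = json.loads(report)
    apis: Set[str] = set()
    for proc in doc.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            if "api" in call:
                apis.add(call["api"])
    return apis


def build_dataset(corpus):
    """Turn reports into a sorted vocabulary, binary presence vectors, labels."""
    api_sets = [extract_api_features(r) for r, _ in corpus]
    vocab = sorted(set().union(*api_sets))
    X = [[1.0 if name in s else 0.0 for name in vocab] for s in api_sets]
    y = [label for _, label in corpus]
    return vocab, X, y


def train_l1_linear_svc(X, y, lam=0.05, lr=0.1, epochs=20):
    """Linear SVM (hinge loss) with an L1 penalty on the weights, trained by
    stochastic subgradient steps followed by a proximal soft-threshold step.
    The L1 term pulls weights of uninformative features to exactly zero,
    which is what makes the weight vector usable as a feature selector.
    Samples are visited in the given order (no shuffling) for determinism."""
    n_feat = len(X[0])
    w = [0.0] * n_feat
    b = 0.0
    shrink = lr * lam
    for _ in range(epochs):
        for xi, yi in zip(X, y):
            margin = yi * (sum(wj * xj for wj, xj in zip(w, xi)) + b)
            if margin < 1.0:  # hinge loss active: push this sample outward
                for j, xj in enumerate(xi):
                    w[j] += lr * yi * xj
                b += lr * yi  # the bias is not penalised
            for j in range(n_feat):  # proximal L1 step (soft threshold)
                if w[j] > shrink:
                    w[j] -= shrink
                elif w[j] < -shrink:
                    w[j] += shrink
                else:
                    w[j] = 0.0
    return w, b


def select_features(vocab, w, k):
    """Rank features by |weight| and keep the top k non-zero ones."""
    ranked = sorted(zip(vocab, w), key=lambda t: abs(t[1]), reverse=True)
    return [(n, round(wt, 4)) for n, wt in ranked[:k] if wt != 0.0]


def predict(vocab, w, b, apis: Set[str]) -> int:
    """Classify an unseen set of API names: +1 malware, -1 benign."""
    score = sum(wj for name, wj in zip(vocab, w) if name in apis) + b
    return 1 if score >= 0 else -1


if __name__ == "__main__":
    vocab, X, y = build_dataset(CORPUS)
    w, b = train_l1_linear_svc(X, y)
    for name, weight in select_features(vocab, w, 4):
        print(f"{name:28s} {weight:+.4f}")
    print("verdict:", predict(vocab, w, b, {"CreateFileW", "ReadFile",
                                              "GetSystemTimeAsFileTime"}))
```

Features that occur in both classes (CreateFileW, GetTickCount) end up with weights of smaller magnitude than the class-specific calls, so a top-k cut on |weight| keeps the discriminative features; in practice the cut is followed by a separate train/test split before the final classifier is fitted, as the paper does with tenfold cross-validation.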




Copyright information

© 2019 Springer Nature Singapore Pte Ltd.


Cite this paper

Shiva Darshan, S.L., Jaidhar, C.D. (2019). Empirical Study on Features Recommended by LSVC in Classifying Unknown Windows Malware. In: Bansal, J., Das, K., Nagar, A., Deep, K., Ojha, A. (eds) Soft Computing for Problem Solving. Advances in Intelligent Systems and Computing, vol 817. Springer, Singapore. https://doi.org/10.1007/978-981-13-1595-4_46
