Abstract
Modern malware has evolved considerably and can now evade existing detection techniques. To defend against this advanced class of malware, behaviour-based malware detection has emerged as an essential complement. The main challenge in this technique is identifying the significant features within the original feature set. The objective of this work was to explore the effectiveness of linear support vector classification (LSVC) in choosing prominent features from an original feature set derived from behaviour reports generated by the Cuckoo sandbox. The proposed malware detection system (MDS) uses the Cuckoo sandbox to obtain a runtime behaviour report of the Windows executable file under examination. Features are extracted from the report, and LSVC is then applied to the extracted features to recognize the crucial ones, which boosts the detection ability of the MDS. The efficiency of the proposed MDS was evaluated on real-world malware samples with tenfold cross-validation. The experimental results show that the proposed MDS accurately distinguishes malware from benign executable files, attaining a detection accuracy of 98.429% with the sequential minimal optimization (SMO) classifier.
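As an added example (not the paper's code), the pipeline the abstract describes in miniature: API names are pulled from constructed reports shaped like Cuckoo's behaviour section, a linear SVC is trained on API-presence vectors, and features are ranked and kept by the magnitude of their weights. The SVC is a small hand-written L2-regularised hinge-loss trainer standing in for a library LSVC, and the sample labels and API lists are assumptions.

```python
import json

# Constructed reports in the shape of Cuckoo's behavior.processes[].calls[].api.
# Labels (+1 malware, -1 benign) are assumed for this toy set.
def _report(apis):
    return json.dumps({"behavior": {"processes": [{"calls": [{"api": a} for a in apis]}]}})

COMMON = ["NtCreateFile", "GetSystemTimeAsFileTime"]  # seen in every sample
DATASET = [
    (_report(COMMON + ["CreateRemoteThread", "WriteProcessMemory", "RegSetValueExA"]), 1),
    (_report(COMMON + ["CreateRemoteThread", "WriteProcessMemory", "ReadFile"]), 1),
    (_report(COMMON + ["CreateRemoteThread", "RegSetValueExA"]), 1),
    (_report(COMMON + ["ReadFile", "GetFileAttributesW"]), -1),
    (_report(COMMON + ["ReadFile", "GetFileAttributesW", "RegSetValueExA"]), -1),
    (_report(COMMON + ["ReadFile"]), -1),
]

def api_set(report_json):
    """Every API name called by any process in the report."""
    procs = json.loads(report_json).get("behavior", {}).get("processes", [])
    return {c["api"] for p in procs for c in p.get("calls", [])}

def vectorise(api_sets, vocab):
    """Binary presence vector per report, one column per API in vocab."""
    return [[1.0 if a in s else 0.0 for a in vocab] for s in api_sets]

def train_linear_svc(X, y, lam=0.01, eta=0.1, epochs=1000):
    """L2-regularised hinge loss by full-batch subgradient descent; stand-in for a library LinearSVC."""
    n, d = len(X), len(X[0])
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [lam * wj for wj in w], 0.0
        for xi, yi in zip(X, y):
            if yi * (sum(wj * xj for wj, xj in zip(w, xi)) + b) < 1:  # margin violated
                gw = [g - yi * xj / n for g, xj in zip(gw, xi)]
                gb -= yi / n
        w = [wj - eta * g for wj, g in zip(w, gw)]
        b -= eta * gb
    return w, b

def select_features(dataset):
    """Rank APIs by |weight|; keep those at or above the mean |weight| (SelectFromModel-style)."""
    sets = [api_set(r) for r, _ in dataset]
    vocab = sorted(set().union(*sets))
    w, b = train_linear_svc(vectorise(sets, vocab), [lbl for _, lbl in dataset])
    weight = dict(zip(vocab, w))
    ranked = sorted(vocab, key=lambda a: -abs(weight[a]))
    thresh = sum(abs(v) for v in w) / len(w)
    selected = [a for a in vocab if abs(weight[a]) >= thresh]
    return ranked, selected, w, b, vocab

def predict(report_json, w, b, vocab):
    """Sign of the linear score: +1 malware, -1 benign."""
    x = vectorise([api_set(report_json)], vocab)[0]
    return 1 if sum(wj * xj for wj, xj in zip(w, x)) + b > 0 else -1
```

APIs present in every sample (the two in COMMON) carry no class information and fall below the threshold, while the API seen only in malware samples ranks first.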
© 2019 Springer Nature Singapore Pte Ltd.
Shiva Darshan, S.L., Jaidhar, C.D. (2019). Empirical Study on Features Recommended by LSVC in Classifying Unknown Windows Malware. In: Bansal, J., Das, K., Nagar, A., Deep, K., Ojha, A. (eds) Soft Computing for Problem Solving. Advances in Intelligent Systems and Computing, vol 817. Springer, Singapore. https://doi.org/10.1007/978-981-13-1595-4_46
DOI: https://doi.org/10.1007/978-981-13-1595-4_46
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-1594-7
Online ISBN: 978-981-13-1595-4
eBook Packages: Intelligent Technologies and Robotics (R0)