
A Machine-Learning-Based Framework for Supporting Malware Detection and Analysis

  • Conference paper
Computational Science and Its Applications – ICCSA 2021 (ICCSA 2021)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 12951))


Abstract

Malware is one of the most significant threats in today's computing world, since the number of websites distributing malware is increasing at a rapid rate. This paper investigates the relevance of features of unpacked malicious and benign executables, such as mnemonics, instruction opcodes and API calls, for identifying features that classify the executables. By applying Analysis of Variance and Minimum Redundancy Maximum Relevance to a sizeable feature space, prominent features are extracted. We conducted the experiments by creating feature vectors from individual and combined (mnemonic) features. Through these experiments we observe that the multimodal framework achieves better accuracy than the unimodal one.
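The ANOVA-then-mRMR feature selection over mnemonic-frequency vectors that the abstract describes, as an added Python illustration that is not the paper's code: the disassembly mnemonic streams are constructed, and the mRMR variant used (mutual information on median-binarized features, MID form) is an assumption, not the paper's stated choice.

```python
import math
from collections import Counter

# Constructed mnemonic streams (not from the paper): one string per unpacked executable.
BENIGN = ["push mov call add ret", "push mov mov call ret",
          "push call add mov ret", "mov push call ret add jmp"]
MALICIOUS = ["push mov xor xor jmp call ret", "xor mov xor jmp push",
             "xor jmp mov xor call push", "xor jmp xor push mov ret"]
SAMPLES = [(s, 0) for s in BENIGN] + [(s, 1) for s in MALICIOUS]
VOCAB = sorted({m for s, _ in SAMPLES for m in s.split()})

def feature_vector(listing, vocab=VOCAB):
    """Relative frequency of each mnemonic in one disassembly listing."""
    toks = listing.split()
    counts = Counter(toks)
    return [counts[m] / len(toks) for m in vocab]

X = [feature_vector(s) for s, _ in SAMPLES]
Y = [label for _, label in SAMPLES]

def anova_f(col, labels):
    """One-way ANOVA F statistic: between-class variance over within-class variance."""
    groups = {}
    for v, lab in zip(col, labels):
        groups.setdefault(lab, []).append(v)
    n, k = len(col), len(groups)
    grand = sum(col) / n
    ssb = sum(len(g) * (sum(g) / len(g) - grand) ** 2 for g in groups.values())
    ssw = sum((v - sum(g) / len(g)) ** 2 for g in groups.values() for v in g)
    if ssw == 0:  # constant within every class: perfectly separating or useless
        return math.inf if ssb > 0 else 0.0
    return (ssb / (k - 1)) / (ssw / (n - k))

def anova_rank(X, y, vocab=VOCAB):
    """Mnemonics ordered by decreasing F score (most class-relevant first)."""
    return sorted(((anova_f(c, y), m) for c, m in zip(zip(*X), vocab)), reverse=True)

def binarize(col):
    """Threshold a frequency column at its median so MI can be estimated on few samples."""
    s = sorted(col)
    med = (s[len(s) // 2 - 1] + s[len(s) // 2]) / 2
    return [int(v > med) for v in col]

def mutual_info(a, b):
    n = len(a); joint = Counter(zip(a, b)); pa = Counter(a); pb = Counter(b)
    return sum(c / n * math.log2((c / n) / (pa[x] / n * pb[y] / n)) for (x, y), c in joint.items())

def mrmr(X, y, k, vocab=VOCAB):
    """Greedy mRMR (MID form): relevance to the class minus mean redundancy with picks so far."""
    disc = {m: binarize(c) for m, c in zip(vocab, zip(*X))}
    rel = {m: mutual_info(disc[m], y) for m in vocab}
    chosen = []
    while len(chosen) < k:
        red = lambda m: sum(mutual_info(disc[m], disc[c]) for c in chosen) / len(chosen) if chosen else 0.0
        chosen.append(max((m for m in vocab if m not in chosen), key=lambda m: rel[m] - red(m)))
    return chosen
```

On the constructed data `xor` (absent from every benign stream) tops both the ANOVA ranking and the mRMR pick list; on real disassembly the same two functions run over the full opcode vocabulary.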

A. Cuzzocrea—This research has been made in the context of the Excellence Chair in Computer Engineering – Big Data Management and Analytics at LORIA, Nancy, France.



Acknowledgements

This research has been partially supported by the French PIA project “Lorraine Université d’Excellence”, reference ANR-15-IDEX-04-LUE.

Corresponding author

Correspondence to Alfredo Cuzzocrea.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Cuzzocrea, A., Mercaldo, F., Martinelli, F. (2021). A Machine-Learning-Based Framework for Supporting Malware Detection and Analysis. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2021. ICCSA 2021. Lecture Notes in Computer Science(), vol 12951. Springer, Cham. https://doi.org/10.1007/978-3-030-86970-0_25

  • DOI: https://doi.org/10.1007/978-3-030-86970-0_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-86969-4

  • Online ISBN: 978-3-030-86970-0
