Paper Info
Title
Malware detection: program run length against detection rate
Abstract
N-gram analysis is an approach that investigates the structure of a program using bytes, characters or text strings. This research uses dynamic analysis to investigate malware detection using a classification approach based on N-gram analysis. A key issue with dynamic analysis is the length of time a program has to be run to ensure a correct classification. The motivation for this research is to find the optimum subset of operational codes (opcodes) that make the best indicators of malware and to determine how long a program has to be monitored to ensure an accurate support vector machine (SVM) classification of benign and malicious software. The experiments within this study represent programs as opcode density histograms gained through dynamic analysis for different program run periods. A SVM is used as the program classifier to determine the ability of different program run lengths to correctly determine the presence of malicious software. The findings show that malware can be detected with different program run lengths using a small number of opcodes.
Year
DOI
Venue
2014
10.1049/iet-sen.2013.0020
Software, IET  
Keywords
Field
DocType
invasive software,pattern classification,runlength codes,support vector machines,system monitoring,N-gram analysis,SVM classification,benign software,detection rate,dynamic analysis,malicious software,malware detection,opcode density histograms,operational codes,program classifier,program monitoring time,program run length,support vector machine
Small number,Data mining,Histogram,Byte,Opcode,Computer science,Support vector machine,Artificial intelligence,Malware,Classifier (linguistics),Machine learning
Journal
Volume
Issue
ISSN
8
1
1751-8806
Citations 
PageRank 
References 
4
0.39
14
Authors
4
Name
Order
Citations
PageRank
Philip O'Kane150.75
Sakir Sezer2101084.22
Kieran McLaughlin320822.19
Eul Gyu Im417524.80