Abstract | ||
---|---|---|
The metadata embedded in program executables provides information that can be useful for automated malware detection or classification. With potentially tens of thousands of variants per malware family, it is unclear how much consistency there is in the metadata, and whether different families exhibit different consistencies. Header information from multiple variants of recent malware was studied to understand the variability of the header information within and among malware families. Classification accuracy extracted using multiple common classifiers showed that, even for rapidly mutating malware families, classifiers trained on header information can outperform ones trained on the program bodies. The results also show that some families have highly consistent header information; this fact suggests limited evolutionary pressure from defense systems. The results indicate that care is needed when evaluating classifiers operating on header as well as program body information. |
Year | DOI | Venue |
---|---|---|
2010 | 10.1109/MALWARE.2010.5665799 | Malicious and Unwanted Software |
Keywords | Field | DocType |
information analysis,invasive software,meta data,pattern classification,automated classifier,automated malware detection,defense system,evolutionary pressure,header information | Decision tree,Data mining,Metadata,Computer security,Computer science,Support vector machine,Artificial intelligence,Header,Malware,Machine learning,Executable | Conference |
ISBN | Citations | PageRank |
978-1-4244-9353-1 | 6 | 0.51 |
References | Authors | |
20 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Andrew Walenstein | 1 | 6 | 0.51 |
Daniel J. Hefner | 2 | 6 | 0.51 |
Jeffery Wichers | 3 | 6 | 0.51 |