Abstract | ||
---|---|---|
The explosive amount of malware continues their threats in network and operating systems. Signature-based method is widely used for detecting malware. Unfortunately, it is unable to determine variant malware on-the-fly. On the hand, behavior-based method can effectively characterize the behaviors of malware. However, it is time-consuming to train and predict for each specific family of malware. We propose a generic and efficient algorithm to classify malware. Our method combines the selection and the extraction of features, which significantly reduces the dimensionality of features for training and classification. Based on malware behaviors collected from a sandbox environment, our method proceeds in five steps: (a) extracting n-gram feature space data from behavior logs; (b) building a support vector machine (SVM) classifier for malware classification; (c) selecting a subset of features; (d) transforming high-dimensional feature vectors into low-dimensional feature vectors; and (e) selecting models. Experiments were conducted on a real-world data set with 4,288 samples from 9 families, which demonstrated the effectiveness and the efficiency of our approach. |
Year | Venue | Keywords |
---|---|---|
2015 | JOURNAL OF INFORMATION SCIENCE AND ENGINEERING | dynamic malware analysis,data classification,dimensionality reduction,term frequency inverse document frequency,principal component analysis,kernel principal component analysis,support vector machine |
Field | DocType | Volume |
Sandbox (software development),Feature vector,Feature selection,Pattern recognition,Computer science,Support vector machine,Curse of dimensionality,Artificial intelligence,Classifier (linguistics),Malware | Journal | 31 |
Issue | ISSN | Citations |
3 | 1016-2364 | 4 |
PageRank | References | Authors |
0.40 | 15 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Chih-Ta Lin | 1 | 4 | 0.40 |
Nai-Jian Wang | 2 | 9 | 0.81 |
Han Xiao | 3 | 253 | 8.41 |
Claudia Eckert | 4 | 76 | 13.13 |