Paper Info
Title
Feature Selection and Extraction for Malware Classification.
Abstract
The explosive amount of malware continues their threats in network and operating systems. Signature-based method is widely used for detecting malware. Unfortunately, it is unable to determine variant malware on-the-fly. On the hand, behavior-based method can effectively characterize the behaviors of malware. However, it is time-consuming to train and predict for each specific family of malware. We propose a generic and efficient algorithm to classify malware. Our method combines the selection and the extraction of features, which significantly reduces the dimensionality of features for training and classification. Based on malware behaviors collected from a sandbox environment, our method proceeds in five steps: (a) extracting n-gram feature space data from behavior logs; (b) building a support vector machine (SVM) classifier for malware classification; (c) selecting a subset of features; (d) transforming high-dimensional feature vectors into low-dimensional feature vectors; and (e) selecting models. Experiments were conducted on a real-world data set with 4,288 samples from 9 families, which demonstrated the effectiveness and the efficiency of our approach.
Year
Venue
Keywords
2015
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING
dynamic malware analysis,data classification,dimensionality reduction,term frequency inverse document frequency,principal component analysis,kernel principal component analysis,support vector machine
Field
DocType
Volume
Sandbox (software development),Feature vector,Feature selection,Pattern recognition,Computer science,Support vector machine,Curse of dimensionality,Artificial intelligence,Classifier (linguistics),Malware
Journal
31
Issue
ISSN
Citations 
3
1016-2364
4
PageRank 
References 
Authors
0.40
15
4
Name
Order
Citations
PageRank
Chih-Ta Lin140.40
Nai-Jian Wang290.81
Han Xiao32538.41
Claudia Eckert47613.13