Classification of malware families based on N-grams sequential pattern features

Proceedings of the 2013 IEEE 8th Conference on Industrial Electronics and Applications, ICIEA 2013

Volumn , Issue , 2013, Pages 777-782

  Liangboonprakong, Chatchai ^a   Sornil, Ohm ^b  

^a SUAN SUNANDHA RAJABHAT UNIVERSITY   (Thailand)

^b NATIONAL INSTITUTE OF DEVELOPMENT ADMINISTRATION   (Thailand)

Author keywords

C4.5; Malware Classification; Multilayer Perceptron; N Gram; Sequential Floating Forward Selection; Sequential Pattern; Support Vector Machine

Indexed keywords

C4.5; FORWARD SELECTION; MALWARE CLASSIFICATIONS; MULTI LAYER PERCEPTRON; N-GRAM; SEQUENTIAL PATTERNS;

INDUSTRIAL ELECTRONICS; SUPPORT VECTOR MACHINES;

COMPUTER CRIME;

EID: 84881419776     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICIEA.2013.6566472     Document Type: Conference Paper

References (36)

1. K. Rieck, T. Holz, P. Dussel, and P. Laskov, "Learning and classification of malware behavior" in Conference on Detection of Intrusions and Malware & Vulnerability Assessment Heidelberg, Springer, 2007, pp. 108-125.
2. A. Shabtai, D. Potashnik, Y. Fledel, R. Moskovitch, and E. Elovici, "Monitoring analysis and filtering system for purifying network traffic of known and unknown malicious content" Security and Communication Networks, 2010.
3. T. Abou-Assaleh, V. Keselj, and R. Sweidan, "N-gram based detection of new malicious code" Proceeding of the 28th Annual International Computer Software and Applications Conferen c2007e IEEE Computer Society, 2004, pp. 41-42.
4. M. G. Schultz, E. Eskin, E. Zadok and S. J. Stolfo, "Data Mining Methods for Detection of New Malicious Excutables" Proceedings of the 2001 IEEE Symposium on Security and Privacy, 2001, pp. 38-49.
5. J. Z. Kolter and M. A. Maloof, "Learning to Detect Malicious Excutable in the Wild" The Proceedings of the 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, New York, USA, 2004 pp. 470-478.
6. J. Z. Kolter and M. A. Maloof, "Learning to Detect and Classify Malicious Executables in the Wild" Journal of Machine Learning Research, 2006, pp. 2721-2744.
7. M. Schmall, "Heuristic Techniques in Anti-Virus Solutions: An Overview", 2002.
8. M. Baily, J. Oberheide, J. Andersen, Z. M. Mao, F. Jahanian and J. Nazario, "Automated classification and analysis of internet malware" Lecture Notes in Computer Science, Spinger, pp. 178-197.
9. A. Walenstein, M. Venable, M. Hayes, C. Thompson, and A. Lakhotia, "Exploiting similarity between variants to defeat malware" Proceeding of BlackHat 2007 DC Briefings, 2007.
10. VX Heavens Virus Collection, VX Heavens website, available at http://vx.netlux.org
11. IDA-Pro Tool, available at http://www.hex-rays.com
12. L. Pipanmaekaporn and Y. Li, "Mining a Data Reasoning Model for Personalized Text Classification" IEEE Intelligent Informatics Bulletin, 2011, pp. 17-24.
13. N. Zhong, Y. Li and S. T. Wu, "Effective Pattern Discovery for Text Mining" IEEE Transactions on Knowledge and Data Engineering, 2012.
14. P. Pudil, F. J. Ferri, J. Novovicova and J. Kittler, "Floating search methods for feature selection with nonmonotonic criterion functions" International Conference on Pattern Recognition, 1994, pp. 279-283.
15. KNIME Data Mining Tool, available at http://www.knime.org
16. J. H. Wang, P. S. Deng, Y. S. Fan, L. J. Jaw and Y. C. Liu, "Virus Detection Using Data Mining Techniques" In Proceedings of the IEEE 37th Annual International Conference on security Technology, 2003, pp. 71-76.
17. P. Kierski, M. Okoniewski, P. Gawrysiak, "Automatic Classification of Executable Code for Computer Virus Detection" International Conference on Intelligent Information Systems, Springer, Poland, 2003, pp. 277-284.
18. KfNgram, available at http://www.kwicfinder.com/kfNgram
19. R. Agrawal and R. Srikant, "Fast Algorithms for Mining Association Rules in Large Databases", 1994, pp. 478-499.
20. J. Ross Quinlan, "C4.5: Programs for Machine Learning" Morgan Kaufman, 1993.
21. H. Riedmiller, and M. Braun, "A direct adaptive method for faster backpropagation learning: the RPROP algorithm" Proceedings of the IEEE International Conference on Neural Networks (ICNN) pp. 586-591.
22. LIBSVM Tool, available at http://www.csie.ntu.edu.tw/~cjlin/
23. F. Cohen, "Computer Virus Theory and experiments", Computers and Security 6, 1987, pp. 22-35.
24. D. M. Chess, and S. R. White, "An undetectable computer virus" In Proceedings of Virus Bulletin Conference, 2000.
25. M. Christodorescu, and S. Jha, "Static Anlaysis of Executables to Detect Malicious Patterns", In Proceeding of the 12th USENIX Security Symp Security 2003, pp. 169-186.
26. C. Kruegel, W. Robertson, F. Valeur, and G. Vigna, "Static disassembly of obfuscated binaries", In Proceedings of USENIX Security, San Diego, CA, 2007, pp. 255-270.
27. J. Bergeron, M. Debbabi, J. Desharnais, M. M Erhioui, Y. Lavoie, and N. Tawbi, "Static Detection of Malicious Code in Executable Programs", In Symposium on Requirements Engineering for Information Security, 2001.
28. B. Zhang, J. Yin, and J. Hao, "Using Fuzzy Pattern Recognition to Detect Unknown Malicious Executables Code", Fuzzy Systems and Knowledge Discovery. LNCS (LNAI), Vol. 3613, 2005, pp. 629-634.
29. D. Bilar, "Statistical Structures: Tolerant Fingerprinting for Classification and Analysis", Las Vegas, NV. Blackhat Briefings USA, 2006.
30. L. Martignoni, M. Christodorescu, and S. Jha, "OmniUnpack: Fast, Generic, and Safe Unpacking of Malware", In Twenty-Third Annual Computer Security Applications Conference (ACSAC), Miami Beach, 2007.
31. Q. Zhang, and D. S. Reeves, "MetaAware: Identifying Metamorphic Malware", In: Annual Computer Security Applications Conference, 2007.
32. I. Santos, Y. K. Penya, J. Devesa, and P. G. Bringas, "n-Grams-Based File Signatures For Malware Detection", The Proceedings of the 11th International Conference on Enterprise Information Systems, Volume AIDSS, 2009, pp. 317-320.
33. M. Christodorescu, S. Jha, A. Seshia, D. Song, R. E. Bryant, "Semantics-Aware Malware Detection", In Proceedings of the 2005 IEEE Symposium on Security and Privacy, May 08-11, 2005, pp. 32-46.
34. S. Burrows and S. M. M. Tahaghoghi, "Source code authorship attribution using n-grams", In Proceedings of the Twelfth Australasian Document Computing Symposium, A. Spink, A. Turpin, and M. Wu, Eds. RMIT University, Melbourne, Australia, 2007, pp. 32-39.
35. G. Frantzeskou, E. Stamatatos, S. Gritzalis and S. Katsikas, "Effective identification of source code authors using byte-level information", In Proceedings of the Twenty-Eighth International Conference on Software Engineering, ACM Press, Shanghai, China, 2006, pp. 893-896.
36. Y. Ye, T. Li, Q. Jiangshan and Y. Wang, "CIMDS: Adapting Postprocessing Techniques of Associative Classification for Malware Detection", IEEE: Applications and Reviews, Vol. 40, No. 3, 2010.