Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model

Ling, Yeong Tyng and Nor Fazlida, M Sani and Mohd Taufik, Abdullah and Nor Asilah Wati Abdul, Hamid (2021) Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model. Journal of Computer Virology and Hacking Techniques. pp. 1-21.

Abstract

Metamorphic malware modifies its code structure using a morphing engine to evade traditional signature-based detection. Previous research has shown the use of opcode instructions as a feature representation with a Hidden Markov Model in the context of metamorphic malware detection. However, it would be more feasible to extract a file feature at a fine-grained level. In this paper, we propose a novel detection approach that generates structural features by computing, over a stream of byte chunks, the compression ratio, entropy, Jaccard similarity coefficient and Chi-square statistic test. Nonnegative Matrix Factorization is also considered to reduce the feature dimensions. We then use the coefficient vectors from the reduced space to train a Hidden Markov Model. Experimental results show that performance differs between malware detection and classification among the proposed structural features.

Item Type: Article
Uncontrolled Keywords: Hidden Markov model, Metamorphic malware, Nonnegative matrix factorization, Structural feature
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Academic Faculties, Institutes and Centres > Faculty of Computer Science and Information Technology
Faculties, Institutes, Centres > Faculty of Computer Science and Information Technology
Depositing User: Tyng
Date Deposited: 20 Dec 2021 02:11
Last Modified: 20 Dec 2021 02:11
URI: http://ir.unimas.my/id/eprint/37348
