Ling, Yeong Tyng and Nor Fazlida, M Sani and Mohd Taufik, Abdullah and Nor Asilah Wati Abdul, Hamid (2021) Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model. Journal of Computer Virology and Hacking Techniques. pp. 1-21.
PDF
Ling Yeong Tyng.pdf Download (184kB) |
Abstract
Metamorphic malware modifies its code structure using a morphing engine to evade traditional signature-based detection. Previous research has shown the use of opcode instructions as feature representation with Hidden Markov Model in the context of metamorphic malware detection. However, it would be more feasible to extract a file feature at fine-grained level. In this paper, we propose a novel detection approach by generating structural features through computing a stream of byte chunks using compression ratio, entropy, Jaccard similarity coefficient and Chi-square statistic test. Nonnegative Matrix Factorization is also considered to reduce the feature dimensions. We then use the coefficient vectors from the reduced space to train Hidden Markov Model. Experimental results show there is different performance between malware detection and classification among the proposed structural features.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | Hidden Markov model, Metamorphic malware, Nonnegative matrix factorization, Structural feature |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Divisions: | Academic Faculties, Institutes and Centres > Faculty of Computer Science and Information Technology Faculties, Institutes, Centres > Faculty of Computer Science and Information Technology Academic Faculties, Institutes and Centres > Faculty of Computer Science and Information Technology |
Depositing User: | Tyng |
Date Deposited: | 20 Dec 2021 02:11 |
Last Modified: | 20 Dec 2021 02:11 |
URI: | http://ir.unimas.my/id/eprint/37348 |
Actions (For repository members only: login required)
View Item |