Nonnegative matrix factorization and metamorphic malware detection

Ling, Yeong Tyng and Nor Fazlida, Mohd Sani and Mohd Taufik, Abdullah and Nor Asilah Wati, Abdul Hamid (2019) Nonnegative matrix factorization and metamorphic malware detection. Journal of Computer Virology and Hacking Techniques, 15. pp. 195-208. ISSN 2263-8733

Official URL: https://link.springer.com/article/10.1007/s11416-0...

Abstract

Metamorphic malware changes its internal code structure by adopting code obfuscation techniques while maintaining its malicious functionality during each infection. This changes its signature pattern across infections and makes signature-based detection particularly difficult. In this paper, through static analysis, we use the similarity score from a matrix factorization technique called Nonnegative Matrix Factorization to detect challenging metamorphic malware. We apply this technique using structural compression ratio and entropy features and compare our results with previous eigenvector-based techniques. Experimental results from three malware datasets show this is a promising technique, as the detection accuracy is more than 95%.

Item Type: Article
Additional Information: Information, Communication and Creative Technology
Uncontrolled Keywords: Metamorphic malware · Nonnegative matrix factorization · Dimension reduction · Structural analysis, unimas, university, universiti, Borneo, Malaysia, Sarawak, Kuching, Samarahan, ipta, education, research, Universiti Malaysia Sarawak.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Academic Faculties, Institutes and Centres > Faculty of Computer Science and Information Technology
Faculties, Institutes, Centres > Faculty of Computer Science and Information Technology
Depositing User: Gani
Date Deposited: 14 Sep 2020 04:02
Last Modified: 14 Sep 2022 07:26
URI: http://ir.unimas.my/id/eprint/31790
