Nonnegative matrix factorization and metamorphic malware detection

Metamorphic malware change their internal code structure by adopting code obfuscation technique while maintaining their malicious functionality during each infection. This causes change of their signature pattern across each infection and makes signature based detection particularly difficult. In th...

Full description

Saved in:
Bibliographic Details
Main Authors: Ling, Yeong Tyng, Mohd Sani, Nor Fazlida, Abdullah, Mohd Taufik, Abdul Hamid, Nor Asilah Wati
Format: Article
Language:English
Published: Springer Nature Switzerland AG 2019
Online Access:http://psasir.upm.edu.my/id/eprint/81487/1/Nonnegative%20matrix%20factorization%20and%20metamorphic%20malware%20detection.pdf
http://psasir.upm.edu.my/id/eprint/81487/
https://link.springer.com/article/10.1007/s11416-019-00331-0
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Metamorphic malware change their internal code structure by adopting code obfuscation technique while maintaining their malicious functionality during each infection. This causes change of their signature pattern across each infection and makes signature based detection particularly difficult. In this paper, through static analysis, we use similarity score from matrix factorization technique called Nonnegative Matrix Factorization for detecting challenging metamorphic malware. We apply this technique using structural compression ratio and entropy features and compare our results with previous eigenvector-based techniques. Experimental results from three malware datasets show this is a promising technique as the accuracy detection is more than 95%.