Structural features with nonnegative matrix factorization for metamorphic malware detection
Metamorphic malware is well known for evading signature-based detection by exploiting various code obfuscation techniques. Current metamorphic malware detection approaches require some prior knowledge during feature engineering stage to extract patterns and behaviors from malware. In this paper, we...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Elsevier Advanced Technology
2021
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/95181/1/Structural%20features%20with%20nonnegative%20matrix%20factorization%20for%20metamorphic%20malware%20detection.pdf http://psasir.upm.edu.my/id/eprint/95181/ https://www.sciencedirect.com/science/article/pii/S0167404821000407 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.upm.eprints.95181 |
|---|---|
| record_format |
eprints |
| spelling |
my.upm.eprints.951812023-01-04T09:02:09Z http://psasir.upm.edu.my/id/eprint/95181/ Structural features with nonnegative matrix factorization for metamorphic malware detection Yeong, Tyng Ling Mohd Sani, Nor Fazlida Abdullah, Mohd. Taufik Abdul Hamid, Nor Asilah Wati Metamorphic malware is well known for evading signature-based detection by exploiting various code obfuscation techniques. Current metamorphic malware detection approaches require some prior knowledge during feature engineering stage to extract patterns and behaviors from malware. In this paper, we attempt to complement and extend previous techniques by proposing a metamorphic malware detection approach based on structure analysis by using information theoretic measures and statistical metrics with machine learning model. In particular, compression ratio, entropy, Jaccard coefficient and Chi-square tests are used as feature representations to reveal the byte information existing in malware binary file. Furthermore, by using Nonnegative Matrix Factorization, feature dimension can be reduced. The experimental results show the Jaccard coefficient on hexadecimal byte as feature representation is effective for Windows metamorphic malware detection with an accuracy rate and F-score as high as 0.9972 and 0.9958, respectively. Whereas for Linux morphed malware detection, the Chi-square statistic test shows as effective feature representation with an accuracy rate and F-score as high as 0.9878 and 0.9901, respectively. Overall, the proposed feature representations and the technique of dimension reduction can be useful for detecting metamorphic malware. Elsevier Advanced Technology 2021-02-12 Article PeerReviewed text en http://psasir.upm.edu.my/id/eprint/95181/1/Structural%20features%20with%20nonnegative%20matrix%20factorization%20for%20metamorphic%20malware%20detection.pdf Yeong, Tyng Ling and Mohd Sani, Nor Fazlida and Abdullah, Mohd. Taufik and Abdul Hamid, Nor Asilah Wati (2021) Structural features with nonnegative matrix factorization for metamorphic malware detection. COMPUTERS & SECURITY, 104 (102216). pp. 1-30. ISSN 0167-4048; ESSN: 1872-6208 https://www.sciencedirect.com/science/article/pii/S0167404821000407 10.1016/j.cose.2021.102216 |
| institution |
Universiti Putra Malaysia |
| building |
UPM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Putra Malaysia |
| content_source |
UPM Institutional Repository |
| url_provider |
http://psasir.upm.edu.my/ |
| language |
English |
| description |
Metamorphic malware is well known for evading signature-based detection by exploiting various code obfuscation techniques. Current metamorphic malware detection approaches require some prior knowledge during feature engineering stage to extract patterns and behaviors from malware. In this paper, we attempt to complement and extend previous techniques by proposing a metamorphic malware detection approach based on structure analysis by using information theoretic measures and statistical metrics with machine learning model. In particular, compression ratio, entropy, Jaccard coefficient and Chi-square tests are used as feature representations to reveal the byte information existing in malware binary file. Furthermore, by using Nonnegative Matrix Factorization, feature dimension can be reduced. The experimental results show the Jaccard coefficient on hexadecimal byte as feature representation is effective for Windows metamorphic malware detection with an accuracy rate and F-score as high as 0.9972 and 0.9958, respectively. Whereas for Linux morphed malware detection, the Chi-square statistic test shows as effective feature representation with an accuracy rate and F-score as high as 0.9878 and 0.9901, respectively. Overall, the proposed feature representations and the technique of dimension reduction can be useful for detecting metamorphic malware. |
| format |
Article |
| author |
Yeong, Tyng Ling Mohd Sani, Nor Fazlida Abdullah, Mohd. Taufik Abdul Hamid, Nor Asilah Wati |
| spellingShingle |
Yeong, Tyng Ling Mohd Sani, Nor Fazlida Abdullah, Mohd. Taufik Abdul Hamid, Nor Asilah Wati Structural features with nonnegative matrix factorization for metamorphic malware detection |
| author_facet |
Yeong, Tyng Ling Mohd Sani, Nor Fazlida Abdullah, Mohd. Taufik Abdul Hamid, Nor Asilah Wati |
| author_sort |
Yeong, Tyng Ling |
| title |
Structural features with nonnegative matrix factorization for metamorphic malware detection |
| title_short |
Structural features with nonnegative matrix factorization for metamorphic malware detection |
| title_full |
Structural features with nonnegative matrix factorization for metamorphic malware detection |
| title_fullStr |
Structural features with nonnegative matrix factorization for metamorphic malware detection |
| title_full_unstemmed |
Structural features with nonnegative matrix factorization for metamorphic malware detection |
| title_sort |
structural features with nonnegative matrix factorization for metamorphic malware detection |
| publisher |
Elsevier Advanced Technology |
| publishDate |
2021 |
| url |
http://psasir.upm.edu.my/id/eprint/95181/1/Structural%20features%20with%20nonnegative%20matrix%20factorization%20for%20metamorphic%20malware%20detection.pdf http://psasir.upm.edu.my/id/eprint/95181/ https://www.sciencedirect.com/science/article/pii/S0167404821000407 |
| _version_ |
1754531211273830400 |
| score |
13.211869 |