Dynamic extraction of initial behavior for evasive malware detection

Recently, malware has become more abundant and complex as the Internet has become more widely used in daily services. Achieving satisfactory accuracy in malware detection is a challenging task, since malicious software exhibits non-relevant features when it changes its performed behaviors as a result of its awareness of the analysis environment. However, the existing solutions extract features from the entire collected data offered by malware during run time. Accordingly, the actual malicious behaviors are hidden during training, leading to a model trained on unrepresentative features. To this end, this study presents a feature extraction scheme based on the proposed dynamic initial evasion behaviors determination (DIEBD) technique to improve the performance of evasive malware detection. To effectively represent evasion behaviors, the collected behaviors are tracked by examining the entropy distributions of APIs-gram features using the box-whisker plot algorithm. A feature set suggested by the DIEBD-based feature extraction scheme is used to train machine learning algorithms to evaluate the proposed scheme. Our experiments' outcomes on a dataset of benign and evasive malware samples show that the proposed scheme achieved an accuracy of 0.967, a false positive rate of 0.040, and an F1 of 0.975.

Bibliographic Details

Main Authors: Aboaoja, Faitouri A.; Zainal, Anazida; Ali, Abdullah Marish; Ghaleb, Fuad A.; Alsolami, Fawaz Jaber; Rassam, Murad A.
Format: Article (peer reviewed)
Language: English
Published: MDPI, January 2023
Published in: Mathematics, 11 (2), pp. 1-23. ISSN 2227-7390
DOI: 10.3390/math11020416
Subjects: QA75 Electronic computers. Computer science
Institution: Universiti Teknologi Malaysia (UTM Institutional Repository, UTM Library)
Repository record: my.utm.105649 (last modified 2024-05-08)
Online Access:
http://eprints.utm.my/105649/1/FaitouriAAboaoja2023_DynamicExtractionofInitialBehaviorforEvasive.pdf
http://eprints.utm.my/105649/
http://dx.doi.org/10.3390/math11020416

Citation: Aboaoja, Faitouri A. and Zainal, Anazida and Ali, Abdullah Marish and Ghaleb, Fuad A. and Alsolami, Fawaz Jaber and Rassam, Murad A. (2023) Dynamic extraction of initial behavior for evasive malware detection. Mathematics, 11 (2). pp. 1-23. ISSN 2227-7390. DOI: 10.3390/math11020416