Obfuscated computer malware classification based on significant opcode
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: | 2022 |
Subjects: | |
Online Access: | http://eprints.utm.my/id/eprint/99642/1/YuChiiHengMSKE2022.pdf http://eprints.utm.my/id/eprint/99642/ http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:149790 |
Summary: | Computer malware has greatly impacted computer network security and even personal computer users. Signature-based detection is incapable of recognizing obfuscated computer malware, since the malware is concealed by obfuscation techniques. Therefore, machine learning is being explored and employed in malware detection to withstand the threat of malware. In fact, there are many features available, i.e., text strings, that can be used for malware classification. Nevertheless, opcode could be one of the features owing to its relatively smaller data size compared to text strings. In this project, the significant opcodes from the executable malware files are extracted and several machine learning classifiers are compared in terms of classification accuracy and speed; a comparison is also made with text string-based detection and signature-based detection. Only significant opcodes are extracted from the malware assembly code, whereas the obfuscated malware code is used as the testing dataset to observe the performance of the classifier models. The findings show that machine learning classification using significant opcodes is able to detect obfuscated malware in less time than the text string feature. |