Abstract
In this research, we test three advanced malware scoring techniques that have shown promise in previous research, namely Hidden Markov Models, Simple Substitution Distance, and Opcode Graph-based detection. We then perform a careful robustness analysis by employing morphing strategies that cause each score to fail. We show that combining scores using a Support Vector Machine yields results that are significantly more robust than those obtained using any of the individual scores.
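The robustness claim above can be seen in miniature with the following added example, which is not the paper's code and does not reproduce its scores or dataset. It constructs three per-file scores, named after the page's techniques only for readability, for benign files and for malware in which each morphed variant has been tuned to defeat exactly one score. A threshold on any single score then misses the variants aimed at that score, while a linear SVM over all three scores (trained here with the Pegasos sub-gradient method, an assumption, since the page does not say how its SVM was trained) still separates the classes. All score values are constructed; the function and variable names are the example's own.

```python
"""Added example (not the paper's code): a linear SVM over several malware
scores versus a threshold on each score alone. All data is constructed."""
import random

# Names of the three score types discussed on the page; values are constructed.
SCORE_NAMES = ("hmm", "ssd", "opcode_graph")


def make_dataset(n_benign=200, n_malware=200, seed=1):
    """Constructed scores in [0, 1]; higher means 'looks like the malware family'.

    Benign files score low on all three. Malware scores high, except that each
    morphed variant defeats exactly one score, pushing that score into the
    benign range while the other two stay high. Labels: -1 benign, +1 malware.
    """
    rng = random.Random(seed)
    lo, hi, sd = 0.2, 0.8, 0.08

    def noisy(mean):
        return min(1.0, max(0.0, rng.gauss(mean, sd)))

    X, y = [], []
    for _ in range(n_benign):
        X.append([noisy(lo) for _ in SCORE_NAMES])
        y.append(-1)
    for i in range(n_malware):
        defeated = i % 4  # 0: unmorphed; 1..3: morphing defeats score defeated-1
        X.append([noisy(lo) if defeated == k + 1 else noisy(hi)
                  for k in range(len(SCORE_NAMES))])
        y.append(+1)
    return X, y


def dot(a, b):
    return sum(ai * bi for ai, bi in zip(a, b))


def train_linear_svm(X, y, lam=0.01, epochs=40, seed=0):
    """Linear SVM via Pegasos (stochastic sub-gradient on the hinge loss).

    A constant feature 1.0 is appended to each sample so the bias is learned
    together with the weights. Returns w; its last entry is the bias.
    """
    rng = random.Random(seed)
    w = [0.0] * (len(X[0]) + 1)
    order = list(range(len(X)))
    t = 0
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            t += 1
            eta = 1.0 / (lam * t)
            x = X[i] + [1.0]
            margin = y[i] * dot(w, x)
            w = [(1.0 - eta * lam) * wj for wj in w]  # L2 shrinkage step
            if margin < 1.0:                           # hinge-loss violation
                w = [wj + eta * y[i] * xj for wj, xj in zip(w, x)]
    return w


def predict_svm(w, x):
    return 1 if dot(w, x + [1.0]) >= 0 else -1


def fit_threshold(scores, y):
    """Best single-score threshold on training data (score > thr means malware)."""
    best_thr, best_acc = 0.0, -1.0
    for step in range(101):
        thr = step / 100.0
        acc = sum((s > thr) == (lab == 1) for s, lab in zip(scores, y)) / len(y)
        if acc > best_acc:
            best_thr, best_acc = thr, acc
    return best_thr


def accuracy(preds, y):
    return sum(p == lab for p, lab in zip(preds, y)) / len(y)


def compare_scores(seed=1):
    """Held-out accuracy of each single-score threshold and of the combined SVM."""
    X_tr, y_tr = make_dataset(seed=seed)
    X_te, y_te = make_dataset(seed=seed + 1000)
    results = {}
    for k, name in enumerate(SCORE_NAMES):
        thr = fit_threshold([x[k] for x in X_tr], y_tr)
        results[name] = accuracy([1 if x[k] > thr else -1 for x in X_te], y_te)
    w = train_linear_svm(X_tr, y_tr)
    results["svm_combined"] = accuracy([predict_svm(w, x) for x in X_te], y_te)
    return results


if __name__ == "__main__":
    for name, acc in compare_scores().items():
        print(f"{name:14s} accuracy = {acc:.3f}")
```

Because one quarter of the constructed malware defeats each score, no single-score threshold can exceed 0.875 accuracy on this data, whereas the combined classifier is essentially perfect; with real scores the gap depends on how the morphing interacts with each technique, which is what the paper's robustness analysis measures.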
Cite this article
Singh, T., Di Troia, F., Corrado, V.A. et al. Support vector machines and malware detection. J Comput Virol Hack Tech 12, 203–212 (2016). https://doi.org/10.1007/s11416-015-0252-0