research-article

Development of method for malware classification based on statistical methods and an extended set of system calls data

Authors:

Ludmila Babenko,

Alexey KirillovAuthors Info & Claims

SIN '18: Proceedings of the 11th International Conference on Security of Information and Networks

Article No.: 8, Pages 1 - 6

https://doi.org/10.1145/3264437.3264478

Published: 10 September 2018 Publication History

Abstract

In this paper, we propose a method for malware classification, by applying a statistical methods to an extended data set of system function calls, it becomes possible to improve the classification quality of malware samples. Applying the method of classification with unsupervised learning, it is possible to achieve a quality of classification comparable with classification methods based on supervised learning, including neural networks. Thus, the proposed method allows to perform detection of previously unknown families and more efficiently to detect unknown samples of small families.

References

[1]

2018. Cuckoo Sandbox - Automated Malware Analysis. Retrieved July 26, 2018 from https://cuckoosandbox.org

[2]

2018. One-hot - Wikipedia. Retrieved July 26, 2018 from https://en.wikipedia.org/wiki/One-hot

[3]

2018. PEB structure | Microsoft Docs. Retrieved July 26, 2018 from https://msdn.microsoft.com/ru-ru/library/windows/desktop/aa813706(v=vs.85).aspx

[4]

2018. scikit-learn: machine learning in Python - scikit-learn 0.19.2 documentation. Retrieved July 26, 2018 from http://scikit-learn.org/stable/

[5]

S Aranganayagi and K Thangavel. 2007. Clustering categorical data using silhouette coefficient as a relocating measure. In Conference on Computational Intelligence and Multimedia Applications, 2007. International Conference on, Vol. 2. IEEE, 13--17.

Digital Library

[6]

Ludmila Babenko and Alexey Kirillov. 2017. Malware detection by metainformation of used system functions. In Proceedings of the 10th International Conference on Security of Information and Networks. ACM, 240--244.

Digital Library

[7]

Akashdeep Bhardwaj, Vinay Avasthi, Hanumat Sastry, and GVB Subrahmanyam. 2016. Ransomware digital extortion: a rising new age threat. Indian Journal of Science and Technology 9, 14 (2016), 1--5.

[8]

Dorin Comaniciu and Peter Meer. 2002. Mean shift: A robust approach toward feature space analysis. IEEE Transactions on pattern analysis and machine intelligence 24, 5 (2002), 603--619.

Digital Library

[9]

Martin Ester, Hans-Peter Kriegel, Jörg Sander, Xiaowei Xu, et al. 1996. A density-based algorithm for discovering clusters in large spatial databases with noise. In Kdd, Vol. 96. 226--231.

Digital Library

[10]

Sanchit Gupta, Harshit Sharma, and Sarvjeet Kaur. 2016. Malware Characterization Using Windows API Call Sequences. In International Conference on Security, Privacy, and Applied Cryptography Engineering. Springer, 271--280.

[11]

John A Hartigan and Manchek A Wong. 1979. Algorithm AS 136: A k-means clustering algorithm. Journal of the Royal Statistical Society. Series C (Applied Statistics) 28, 1 (1979), 100--108.

Digital Library

[12]

Bojan Kolosnjaji, Apostolis Zarras, George Webster, and Claudia Eckert. 2016. Deep learning for classification of malware system call sequences. In Australasian Joint Conference on Artificial Intelligence. Springer, 137--149.

[13]

Jesse Kornblum. 2006. Identifying almost identical files using context triggered piecewise hashing. Digital investigation 3 (2006), 91--97.

Digital Library

[14]

MSDN. 2018. CryptBinaryToStringA function | Microsoft Docs. Retrieved July 26, 2018 from https://msdn.microsoft.com/en-us/library/windows/desktop/aa379887(v=vs.85).aspx

[15]

Dennis W Ruck, Steven K Rogers, Matthew Kabrisky, Mark E Oxley, and Bruce W Suter. 1990. The multilayer perceptron as an approximation to a Bayes optimal discriminant function. IEEE Transactions on Neural Networks 1, 4 (1990), 296--298.

Digital Library

[16]

PV Shijo and A Salim. 2015. Integrated static and dynamic analysis for malware detection. Procedia Computer Science 46 (2015), 804--811.

Digital Library

[17]

Jolliffe I. T. 1986. Principal component analysis and factor analysis. In Principal component analysis.

[18]

Shun Tobiyama, Yukiko Yamaguchi, Hajime Shimada, Tomonori Ikuse, and Takeshi Yagi. 2016. Malware detection with deep neural network using process behavior. In Computer Software and Applications Conference (COMPSAC), 2016 IEEE 40th Annual, Vol. 2. IEEE, 577--582.

[19]

Tobias Wüchner, Martín Ochoa, and Alexander Pretschner. 2014. Malware detection with quantitative data flow graphs. In Proceedings of the 9th ACM symposium on Information, computer and communications security. ACM, 271--282.

Digital Library

Cited By

Brown PBrown AGupta MAbdelsalam M(2022)Online Malware Classification with System-Wide System Calls in Cloud IaaS2022 IEEE 23rd International Conference on Information Reuse and Integration for Data Science (IRI)10.1109/IRI54793.2022.00042(146-151)Online publication date: Aug-2022
https://doi.org/10.1109/IRI54793.2022.00042
Nunes MBurnap PRana OReinecke PLloyd K(2019)Getting to the root of the problem: A detailed comparison of kernel and user level data for dynamic malware analysisJournal of Information Security and Applications10.1016/j.jisa.2019.10236548(102365)Online publication date: Oct-2019
https://doi.org/10.1016/j.jisa.2019.102365

Index Terms

Development of method for malware classification based on statistical methods and an extended set of system calls data
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Malware and its mitigation

Recommendations

A Malware Classification Method Based on Generic Malware Information
ICONIP 2015: Proceeings, Part II, of the 22nd International Conference on Neural Information Processing - Volume 9490

Since attackers easily have been making malware using dedicated malware generation tools, the number of malware is increasing rapidly. However, it is hard to analyze all malwares because of rise in high-volume of malwares. For this reason, many ...
Toward an Automatic, Online Behavioral Malware Classification System
SASO '13: Proceedings of the 2013 IEEE 7th International Conference on Self-Adaptive and Self-Organizing Systems

Malware authors are increasingly using specialized toolkits and obfuscation techniques to modify existing malware and avoid detection by traditional antivirus software. The resulting proliferation of obfuscated malware variants poses a challenge to ...
Malware Detection Systems Based on API Log Data Mining
COMPSAC '15: Proceedings of the 2015 IEEE 39th Annual Computer Software and Applications Conference - Volume 03

As information technology improves, the Internet is involved in every area in our daily life. When the mobile devices and cloud computing technology start to play important parts of our life, they have become more susceptible to attacks. In recent years,...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

SIN '18: Proceedings of the 11th International Conference on Security of Information and Networks

September 2018

148 pages

ISBN:9781450366083

DOI:10.1145/3264437

Conference Chairs:
Pete Burnap
Cardiff University, UK
,
Atilla Elçi
Aksaray Univeristy, Turkey
,
Omer Rana
Cardiff University, UK
,
Program Chairs:
Philipp Reinecke
Cardiff University, UK
,
Naghmeh Moradpoor
Edinburgh Napier University, UK
,
George Theodorakopoulos
Cardiff University, UK
,
Koray Karabina
Florida Atlantic University, USA

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

Cardiff University: Cardiff University

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 September 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

SIN '18

SIN '18: 11th International Conference On Security Of Information and Networks

September 10 - 12, 2018

Cardiff, United Kingdom

Acceptance Rates

SIN '18 Paper Acceptance Rate 24 of 42 submissions, 57%;

Overall Acceptance Rate 102 of 289 submissions, 35%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
77
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)1

Reflects downloads up to 04 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Brown PBrown AGupta MAbdelsalam M(2022)Online Malware Classification with System-Wide System Calls in Cloud IaaS2022 IEEE 23rd International Conference on Information Reuse and Integration for Data Science (IRI)10.1109/IRI54793.2022.00042(146-151)Online publication date: Aug-2022
https://doi.org/10.1109/IRI54793.2022.00042
Nunes MBurnap PRana OReinecke PLloyd K(2019)Getting to the root of the problem: A detailed comparison of kernel and user level data for dynamic malware analysisJournal of Information Security and Applications10.1016/j.jisa.2019.10236548(102365)Online publication date: Oct-2019
https://doi.org/10.1016/j.jisa.2019.102365

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents