Behavior-Obfuscation Resistance Malware Detection

Cheng, Binlin; Liu, Jinjun; Chen, Jie‐Jie; Shu-dong, Shi; Peng, Xufu; Xingwen, Zhang; Hai, Haiqing

doi:10.1093/comjnl/bxz033

Cited by 2 publications

(1 citation statement)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The study done by [9] focuses on improving an effective and efficient approach for malware detection by using the behavior of malware families. The authors proposed this methodology because they knew that the attacker could modify API call features with no change in overall behavior.…”

Section: Related Studiesmentioning

confidence: 99%

Performance of Malware Detection Classifier Using Genetic Programming in Feature Selection

Harahsheh¹,

Shraideh²,

Sharaeh³

2021

IJCAI

View full text Add to dashboard Cite

The term "malicious software," which is commonly referred to as malware, describes malicious software that affects or harms computers, servers, or networks. While the numbers and complexity of malware have rapidly increased, developing a malware detection system is required to detect malware in the world of cybersecurity and test the behavior of its new features. While traditional techniques provide less efficiency in detecting new malware, machine learning techniques are used to achieve rapid malware detection in an intelligent way to improve detection performance, as malware and its application in the industry are constantly increasing. In this study, we developed a malware detection model by detecting malware using machine learning classifiers, after passing a new feature selection technique using genetic programming. We also compared the performance of all classifiers using the most recent feature selection techniques. Results show that Random Forest, Random Forest ( 4), and Random Tree give the best value in all experiments, while Hoeffding Tree and Decision Stump give lower values for F1-score and accuracy in all experiments. The feature selection method that proposed GPMP gives a better value than Filter-based with little differences. The accuracy and F1-score have the values of 0.881066 and 0.867546 for GPMP, and the values of 0.877624 and 0.862894 for Filter-based, respectively. The experimental results reveal that GPMP used fewer features than Filter-based, and this affected the computation and complexity of the model. Povzetek: Analizirane so bile metode strojnega učenja za povečanje uspešnosti odkrivanja zlonamerne programske opreme.

show abstract

Section: Related Studiesmentioning

confidence: 99%