Signature-Based Malware Detection Using Sequences of N-grams

Abstract: The focus of our study is on one set of malware family known as Brontok worms. These worms have long been a huge burden to most Windows-based user platforms. A prototype of the antivirus was able to scan files and accurately detect any traces of the Brontok malware signatures in the scanned files. In this study, we developed a detection model by extracting the signatures of the Brontok worms and used an n-gram technique to break down the signatures. This process makes the task to remove redundancies between th… Show more

“…Also, ContagioDump, VirusTotal, and VirusShare were also employed for malware samples. However, in this SLR study, VirusShare [68], [63], [76], [86], [97], [102], [107], [117], [120], [58], [116] is found as the most popular dataset used in their experiments, followed by DREBIN, [67], [72], [80], [87], [88], [108], [109], [62], [64] Malware Genome Project, [114], [115], [64], [74], [112], [118], Google Play Store, [64], [74], [85], [115], [114] and many more type of datasets as shown in TABLE 14 in Appendix A.…”

“…SVM [126], DT [93], and N-grams [102] have the highest detection accuracy rate, at 100%, while NB [86] has the lowest detection accuracy rate, at 64.7%. However, only a limited dataset was used to examine the performance of DT and, Ngrams for malware detection.…”

“…, [56], [57], [60], [61], [64], [66], [67], [69], [70], [71], [76], [81], [83], [84], [85], [87], [88], [90], [94], [96], [100], [101], [102], [105], [109], [113], [119], [121], [125] Signaturebased false positive rate and raising the false negative rate overcomes the limitations of heuristic-based approaches.…”

“…Meanwhile, based on the SLR results, as seen in TABLE 10, most of the studies with a percentage of 53.3% use static analysis, which is also used in the study of N-grams [102], achieving 100% accuracy rate to detect malware. However, the other two studies used dynamic analysis, which achieved a 100% accuracy rate in detecting malware, DT [93] and SVM [126].…”

“…Besides, various types of datasets were used in the experiment leading to poor performance [61], [69]. The researchers also received an insufficient sample of data [78], and some of them had difficulties in finding suitable datasets [81], [102] for their experiments. Others, since the dataset is created from scratch with a minimum sample of files for analysis, bias is detected in producing the results [93].…”

Machine Learning Algorithm for Malware Detection: Taxonomy, Current Challenges, and Future Directions

“…Also, ContagioDump, VirusTotal, and VirusShare were also employed for malware samples. However, in this SLR study, VirusShare [68], [63], [76], [86], [97], [102], [107], [117], [120], [58], [116] is found as the most popular dataset used in their experiments, followed by DREBIN, [67], [72], [80], [87], [88], [108], [109], [62], [64] Malware Genome Project, [114], [115], [64], [74], [112], [118], Google Play Store, [64], [74], [85], [115], [114] and many more type of datasets as shown in TABLE 14 in Appendix A.…”

“…SVM [126], DT [93], and N-grams [102] have the highest detection accuracy rate, at 100%, while NB [86] has the lowest detection accuracy rate, at 64.7%. However, only a limited dataset was used to examine the performance of DT and, Ngrams for malware detection.…”

“…, [56], [57], [60], [61], [64], [66], [67], [69], [70], [71], [76], [81], [83], [84], [85], [87], [88], [90], [94], [96], [100], [101], [102], [105], [109], [113], [119], [121], [125] Signaturebased false positive rate and raising the false negative rate overcomes the limitations of heuristic-based approaches.…”

“…Meanwhile, based on the SLR results, as seen in TABLE 10, most of the studies with a percentage of 53.3% use static analysis, which is also used in the study of N-grams [102], achieving 100% accuracy rate to detect malware. However, the other two studies used dynamic analysis, which achieved a 100% accuracy rate in detecting malware, DT [93] and SVM [126].…”

“…Besides, various types of datasets were used in the experiment leading to poor performance [61], [69]. The researchers also received an insufficient sample of data [78], and some of them had difficulties in finding suitable datasets [81], [102] for their experiments. Others, since the dataset is created from scratch with a minimum sample of files for analysis, bias is detected in producing the results [93].…”

Machine Learning Algorithm for Malware Detection: Taxonomy, Current Challenges, and Future Directions

A Recent Research on Malware Detection Using Machine Learning Algorithm: Current Challenges and Future Works

AI-enabled approach for enhancing obfuscated malware detection: a hybrid ensemble learning with combined feature selection techniques