Similarity-Based Malware Classification Using Hidden Markov Model

Imran, Mohammed; Afzal, Muhammad; Qadir, Muhammad Abdul

doi:10.1109/cybersec.2015.33

Cited by 10 publications

(9 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dynamic analysis extracts behavioral features such as system calls [18], instruction sequences, network activities, etc. Imran et al [19] presented a similarity-based malware classification system. API call sequences were extracted using Hidden Markov Models (HMMs) and similarity scores were estimated for classifying malware.…”

Section: A Classification Methods Without Feature Selectionmentioning

confidence: 99%

An Efficient Malware Detection System using Hybrid Feature Selection Methods

Roseline¹,

Geetha²

2019

IJEAT

View full text Add to dashboard Cite

Malware is a serious threat to individuals and users. The security researchers present various solutions, striving to achieve efficient malware detection. Malware attackers devise detection avoidance techniques to escape from detection systems. The key challenge is that growth of malware increases every hour, leading to large damages to users’ privacy. The training process takes much longer time, mining the unnecessary features. Feature Selection is effective in achieving unique feature set in detecting malware. In this paper, we propose a malware detection system using hybrid feature selection approach to detect malware efficiently with a reduced feature set. Machine learning based classification is performed on eight classifiers with two malware datasets. The experiments were done without and with feature selection. The empirical results show that the classification using selected feature set and XGB classifier identifies malware efficiently with an accuracy of 98.9% and 99.26% for the two datasets.

show abstract

Section: A Classification Methods Without Feature Selectionmentioning

confidence: 99%

An Efficient Malware Detection System using Hybrid Feature Selection Methods

Roseline¹,

Geetha²

2019

IJEAT

View full text Add to dashboard Cite

show abstract

“…The paper did not study any ransomware sample. A related research work [21] proposed a novel malware classification scheme that is based on Hidden Markov Models (HMMs) and discriminative classifiers. The proposed scheme takes the sequences of system calls that are generated by malware during execution as observation sequences to train the HMMs.…”

Section: Hidden Markov Model (Hmm)mentioning

confidence: 99%

A Proactive Approach for Detecting Ransomware based on Hidden Markov Model (HMM)

Saleh

2019

IJICR

View full text Add to dashboard Cite

A ransomware is the most hazardous kind of computer malware that causes a huge devastation to the computer systems, so that detecting it is highly required at the moment. Truthfully, several prior researchers addressed Markov Model and its variants, like Hidden Markov Model, to detect a malware, but none of them addressed the detection of ransomware through Assembly language instructions. In this paper, a new proactive approach for detecting ransomware based on Hidden Markov Model (HMM) is proposed in order to detect and classify ransomware. In addition, new datasets that comprises of various benign and ransomware are generated and collected. The proposed approach utilized Hidden Markov Model (HMM) for analyzing the generated and collected datasets from benign and ransomware samples, and it detected and classified all samples correctly with 73% accurate testing samples emissions sequence.(2)

show abstract

“…Although the authors of the cited text do not refer to their technique as a feature selection method, the process that they have adopted performs the exact task of converting a given sequence into a fixed length vector that can subsequently be used by a discriminative classifier for the classification of sequences. Imran et al [13] have applied the same methodology for malware classification.…”

Section: Hidden Markov Modelmentioning

confidence: 99%

“…Opcode sequences from malware samples were then scored against the HMMs to generate the feature vectors, which were then used for clustering of malware samples. Imran et al [13] varied this method by modeling malicious behavior instead of compiler behavior. In their approach, malware behavior was represented as a sequence of system calls used to train separate HMMs for different malware families.…”

Section: Related Workmentioning

confidence: 99%

A comparison of feature extraction techniques for malware analysis

Imran¹,

Afzal²,

Qadir³

2017

Turk J Elec Eng & Comp Sci

Self Cite

View full text Add to dashboard Cite

Abstract:The manifold growth of malware in recent years has resulted in extensive research being conducted in the domain of malware analysis and detection, and theories from a wide variety of scientific knowledge domains have been applied to solve this problem. The algorithms from the machine learning paradigm have been particularly explored, and many feature extraction methods have been proposed in the literature for representing malware as feature vectors to be used in machine learning algorithms. In this paper we present a comparison of several feature extraction techniques by first applying them on system call logs of real malware, and then evaluating them using a random forest classifier. In our experiment the HMM-based feature extraction method outperformed the other methods by obtaining an F-measure of 0.87. We also explored the possibility of using ensembles of feature extraction methods, and discovered that combination of HMM-based features with bigram frequency features improved the F-measure by 1.7%.

show abstract

Similarity-Based Malware Classification Using Hidden Markov Model

Cited by 10 publications

References 22 publications

An Efficient Malware Detection System using Hybrid Feature Selection Methods

An Efficient Malware Detection System using Hybrid Feature Selection Methods

A Proactive Approach for Detecting Ransomware based on Hidden Markov Model (HMM)

A comparison of feature extraction techniques for malware analysis

Contact Info

Product

Resources

About