Towards a Theory of Generalizing System Call Representation for In-Execution Malware Detection

Mehdi, Bushra Jabeen; Ahmed, Faraz; Khayyam, S. A.; Farooq, Muddassar

doi:10.1109/icc.2010.5501969

Cited by 25 publications

(18 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors in [15] proposed an enhanced variant of the above-mentioned approach known as hypergrams which represent variable length system call sequences in in-execution malware analysis and detection. A Hyperspace which is kdimensional is used to visualize the n-grams where k is the number of unique system call sequences of a process in its execution.…”

Section: Related Workmentioning

confidence: 99%

Linux malware detection using non-parametric statistical methods

Ka¹,

Vinod²

2014

2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI)

View full text Add to dashboard Cite

Linux is the most renowned open source operating system. In recent years, the number of malware targeting Linux OS has been increased and the traditional defence mechanisms seems to be futile. We propose a novel non-parametric statistical approach using machine learning techniques for identifying previously unknown malicious Executable Linkable Files (ELF). The system calls employed as features extracted dynamically within a controlled environment. The proposed approach ranks and determine the prominent features by using non-parametric statistical methods like Kruskal-Wallis ranking test (KW), Deviation From Poisson (DFP). Three learning algorithms (J48, Adaboost and Random Forest) are applied to generate prediction model, from a minimal set of features extracted from the system call traces. Optimal feature vector resulted in over all classification accuracy of 97.30% to identify unknown malicious specimens.

show abstract

Section: Related Workmentioning

confidence: 99%

Linux malware detection using non-parametric statistical methods

Ka¹,

Vinod²

2014

2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI)

View full text Add to dashboard Cite

show abstract

“…F alseP ositiveRate (F P R) = F P/(T N + F P ) ( 8 ) where, TP-True Positives which represent the number of correctly identified malware instances, TN-True Negatives which denote correctly classified benign samples whereas FP-False Positives designate misclassified benign files and FNFalse Negatives represents misclassified malware instances.…”

Section: Evaluation Measuresmentioning

confidence: 99%

“…The authors in [8] proposed a new approach known as hypergrams to represent variable length system call sequences for in-execution malware analysis and detection. A k -dimensional hyperspace was used to visualize the n-grams where, k represents the number of unique system call sequences of a program in execution.…”

Section: Related Workmentioning

confidence: 99%

Linux Malware Detection Using eXtended–Symmetric Uncertainty

Asmitha¹,

Vinod²

2014

Security, Privacy, and Applied Cryptography Engineering

View full text Add to dashboard Cite

Abstract. We propose a novel two step dimensionality reduction approach based on correlation using machine learning techniques for identifying unseen malicious Executable Linkable Files (ELF). System calls used as features are dynamically extracted in a sandbox environment. The extended version of symmetric uncertainty (X-SU) proposed by us, ranks feature by determining Feature-Class correlation using entropy, information gain and further eliminate the redundant features by estimating Feature-Feature correlation using weighted probabilistic information gain. Three learning algorithms (J48, Adaboost and Random Forest) are employed to generate prediction models, from the system call traces. Optimal feature vector constructed using minimum feature length (27 no.) resulted in over all classification accuracy of 99.40% with very less false alarm to identify unknown malicious specimens.

show abstract

“…Representation of malware basically deals with how the collected malware samples are being transformed from specific format to another by applying certain techniques to represent them such as a system call representation technique (Mehdi et al, 2010) and Opcode sequences as representation of executable datamining-based (Santos et al, 2013). In this study, besides providing the researchers with full and comprehensive literature on malware definitions, types, various detection techniques and methods, we aim at giving researchers an idea about various techniques that are used for representing the malware samples as we will conduct a deep survey on some representations that are based on the major malware detection techniques.…”

Section: Introductionmentioning

confidence: 99%

“…In the case of the malware infecting executable codes when this happen the file or files got infected will be residing in memory the moment the user executes them and hence they will infect any other files that the user may execute afterwards. It has a tremendous negative impact on the computer security (Mehdi et al, 2010). With the use of antivirus programs and firewall many malware could be defeated "to some extent" especially those been very active through the network, but at the same time, if we disable the use of antivirus and firewalls for a single day, this may show strong proof of the fast spread of this malicious software.…”

Section: Introductionmentioning

confidence: 99%

Survey on Representation Techniques for Malware Detection System

Mohamed

Ithnin

2017

American Journal of Applied Sciences

View full text Add to dashboard Cite

Malicious programs are malignant software's designed by hackers or cyber offenders with a harmful intent to disrupt computer operation. In various researches, we found that the balance between designing an accurate architecture that can detect the malware and track several advanced techniques that malware creators apply to get variants of malware are always a difficult line. Hence the study of malware detection techniques has become more important and challenging within the security field. This review paper provides a detailed discussion and full reviews for various types of malware, malware detection techniques, various researches on them, malware analysis methods and different dynamic programmingbased tools that could be used to represent the malware sampled. We have provided a comprehensive bibliography in malware detection, its techniques and analysis methods for malware researchers.

show abstract

Towards a Theory of Generalizing System Call Representation for In-Execution Malware Detection

Cited by 25 publications

References 7 publications

Linux malware detection using non-parametric statistical methods

Linux malware detection using non-parametric statistical methods

Linux Malware Detection Using eXtended–Symmetric Uncertainty

Survey on Representation Techniques for Malware Detection System

Contact Info

Product

Resources

About