Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey

Shabtai, Asaf; Moskovitch, Robert; Elovici, Yuval; Glezer, Chanan

doi:10.1016/j.istr.2009.03.003

Cited by 262 publications

(115 citation statements)

References 37 publications

(62 reference statements)

Supporting

Mentioning

115

Contrasting

Order By: Relevance

“…Bilar [6] proposed using mnemonics of assembly instructions from file content as a predictor for malware. Statistical machine learning and data science methods [9] have been increasingly used for malware detection, including approaches based on support vector machines, logistic regression, Naïve Bayes, neural networks, deep learning, wavelet transforms, decision trees and k-nearest neighbors [4,8,13,16,[29][30][31][32]37].…”

Section: Related Workmentioning

confidence: 99%

“…Even though several machine learning classifiers [30] and digital forensics methods [10] have been used for file analysis and malware detection, this work is the first to use time series shapelets in the computer security domain in general, and for malware detection in particular. We believe shapelets are inherently wellsuited to malware detection as they identify local discriminative patterns, and identifying these patterns helps identify unknown malware.…”

Section: Motivationmentioning

confidence: 99%

“…Effective statistical learning approaches can automatically find root patterns behind execution of a malicious file to build a model that can accurately and quickly classify new malware [3,4,[29][30][31][32]35]. We propose a new approach for malware detection from Microsoft portable executable (PE) files [26] using an advanced time series classification approach, which can pick up local discriminative features from data.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Discovering Malware with Time Series Shapelets

Patri¹,

Wojnowicz²,

Wolff³

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Motivationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Discovering Malware with Time Series Shapelets

Patri¹,

Wojnowicz²,

Wolff³

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

“…It has been observed that each of the two approaches had some limitations. Further antivirus vendors attempted to use individual as well as hybrid analysis approach for mining features and tackling newly emerging malwares [1]. They achieved a precise detection rate and low false positives compared to existing malware detection methods.…”

Section: Introductionmentioning

confidence: 99%

Comparative Analysis of Feature Extraction Methods of Malware Detection

Ranveer¹,

Hiray²

2015

IJCA

View full text Add to dashboard Cite

Recent years have encountered massive growth in malwares which poses a severe threat to modern computers and internet security. Existing malware detection systems are confronting with unknown malware variants. Recently developed malware detection systems investigated that the diverse forms of malware exhibit similar patterns in their structure with minor variations. Hence, it is required to discriminate the types of features extracted for detecting malwares. So that potential of malware detection system can be leveraged to combat with unfamiliar malwares. We mainly focus on the categorization of features based on malware analysis. This paper highlights general framework of malware detection system and pinpoints strengths and weaknesses of each method. Finally we presented overview of performance of present malware detection systems based on features.

show abstract

“…Additionally, opcode sequences have recently been introduced as an alternative to byte n-grams (Dolev and Tzachar, 2008;Santos et al, 2010;Moskovitch et al, 2008a). This approach appears to be theoretically better because it relies on source code rather than the bytes of a binary file (Christodorescu, 2007) (for a more detailed review of static features for machine-learning unknown malware detection refer to Shabtai et al (2009)). …”

Section: Introductionmentioning

confidence: 99%

Using opcode sequences in single-class learning to detect unknown malware

et al. 2011

View full text Add to dashboard Cite

Malware is any type of malicious code that has the potential to harm a computer or network. The volume of malware is growing at a faster rate every year and poses a serious global security threat. Although signaturebased detection is the most widespread method used in commercial antivirus programs, it consistently fails to detect new malware. Supervised machinelearning models have been used to address this issue. However, the use of supervised learning is limited because it needs a large amount of malicious code and benign software to first be labelled. In this paper, we propose a new method that uses single-class learning to detect unknown malware families. This method is based on examining the frequencies of the appearance of opcode sequences to build a machine-learning classifier using only one set of labelled instances within a specific class of either malware or legitimate software. We performed an empirical study that shows that this method can reduce the effort of labelling software while maintaining high accuracy. * Corresponding author Email addresses: isantos@deusto.es (Igor Santos), felix.brezo@deusto.es (Felix Brezo), borja.sanz@deusto.es (Borja Sanz), claorden@deusto.es (Carlos Laorden), pablo.garcia.bringas@deusto.es (Pablo G. Bringas)

show abstract

Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey

Cited by 262 publications

References 37 publications

Discovering Malware with Time Series Shapelets

Discovering Malware with Time Series Shapelets

Comparative Analysis of Feature Extraction Methods of Malware Detection

Using opcode sequences in single-class learning to detect unknown malware

Contact Info

Product

Resources

About