Abstract

This paper presents a novel solution for detecting rare and mutating malware programs and provides a strategy to address the scarcity of datasets for modeling these types of malware. To provide sufficient training data for behavioral malware modeling, genetic algorithms are combined with an optimization strategy that selectively creates generations of mutated elite malware samples. In our method, a sequence of system API calls is extracted using tracker filter drivers in a sandbox environment, and the most obfuscated and metamorphic samples are chosen by an elite selection method. Behavioral chromosomes are formed by mapping the extracted APIs to genes using linear regression. Our analysis system includes an Internet simulator and a human emulator to deceive intelligent classes of malware into executing successfully and to prevent the system from halting. The evolution process is performed through crossover and permutation of genes, which are encoded from the addresses of the kernel-level system functions. An objective function optimizes the vital indicators of malignancy and tracking rate in linear time, which guarantees that new generations of malware are more destructive and stealthy than their parents. J48 and deep neural networks were employed in our experiments, as they are two popular modeling and classification strategies in behavioral malware detection. Real-world malware samples from valid references were used to evaluate the approach, and comprehensive scenarios were included in the experiments. The results demonstrate a significant improvement in detection accuracy, up to 5% for rare and metamorphic malware, and a considerable enhancement in the true positive rate for the proposed deep-learning algorithm.
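The abstract describes the evolutionary loop (gene encoding of API traces, elite selection, crossover, permutation, an objective function) but not its concrete form. The following toy implementation is an added illustration, not the paper's code: the API vocabulary is constructed, genes are vocabulary indices rather than kernel function addresses, and the objective is a hypothetical stand-in (bigram novelty against the existing training set) that models the dataset-augmentation goal, not the paper's malignancy and tracking-rate indicators.

```python
"""Toy genetic algorithm over sandbox API-call traces (added illustration)."""
import random
from typing import Dict, List, Sequence, Set, Tuple

# Constructed vocabulary of API names; the paper encodes genes from kernel
# function addresses, which are not given on this page, so indices stand in.
API_VOCAB: List[str] = [
    "CreateFileW", "WriteFile", "ReadFile", "CloseHandle",
    "RegOpenKeyExW", "RegSetValueExW", "CreateProcessW",
    "InternetOpenW", "HttpSendRequestW", "Sleep",
]
GENE_OF: Dict[str, int] = {name: i for i, name in enumerate(API_VOCAB)}
API_OF: Dict[int, str] = {i: name for name, i in GENE_OF.items()}

Chromosome = List[int]


def encode(trace: Sequence[str]) -> Chromosome:
    """Map a sandbox API trace (list of API names) to a gene sequence."""
    return [GENE_OF[api] for api in trace]


def decode(chrom: Chromosome) -> List[str]:
    """Map a gene sequence back to API names."""
    return [API_OF[g] for g in chrom]


def bigrams(chrom: Chromosome) -> Set[Tuple[int, int]]:
    """Adjacent call pairs, the behavioural unit the stand-in objective compares."""
    return {(a, b) for a, b in zip(chrom, chrom[1:])}


def novelty(chrom: Chromosome, dataset: Sequence[Chromosome]) -> float:
    """Hypothetical objective: Jaccard distance of the candidate's bigrams to the
    nearest existing sample. Higher means the sample adds behaviour the training
    set does not yet cover. An existing sample scores 0.0 against itself."""
    cand = bigrams(chrom)
    best = 1.0
    for other in dataset:
        ref = bigrams(other)
        union = cand | ref
        dist = 0.0 if not union else 1.0 - len(cand & ref) / len(union)
        best = min(best, dist)
    return best


def crossover(p1: Chromosome, p2: Chromosome, cut: int) -> Chromosome:
    """Single-point crossover: prefix of p1 followed by suffix of p2."""
    return list(p1[:cut]) + list(p2[cut:])


def permute(chrom: Chromosome, rng: random.Random) -> Chromosome:
    """Mutation by permutation: swap two gene positions (gene multiset preserved)."""
    child = list(chrom)
    if len(child) < 2:
        return child
    i, j = rng.sample(range(len(child)), 2)
    child[i], child[j] = child[j], child[i]
    return child


def evolve(seed_samples: Sequence[Chromosome], generations: int, elite_size: int,
           rng: random.Random, offspring_per_gen: int = 20) -> List[Chromosome]:
    """Elitist GA: each generation keeps the top `elite_size` samples by novelty,
    breeds offspring from them, and carries the elites forward unchanged so the
    best score never decreases. Returns the final elites, best first."""
    dataset = [list(s) for s in seed_samples]     # fixed reference set for scoring
    population = [list(s) for s in seed_samples]
    for _ in range(generations):
        population.sort(key=lambda c: novelty(c, dataset), reverse=True)
        elites = population[:elite_size]
        children: List[Chromosome] = []
        for _ in range(offspring_per_gen):
            if len(elites) >= 2:
                p1, p2 = rng.sample(elites, 2)
            else:
                p1, p2 = elites[0], elites[0]
            shortest = min(len(p1), len(p2))
            cut = rng.randint(1, shortest - 1) if shortest >= 2 else 0
            child = crossover(p1, p2, cut)
            if rng.random() < 0.5:                 # mutate half of the offspring
                child = permute(child, rng)
            children.append(child)
        population = elites + children
    population.sort(key=lambda c: novelty(c, dataset), reverse=True)
    return population[:elite_size]


if __name__ == "__main__":
    # Constructed seed traces standing in for sandbox-extracted API sequences.
    seeds = [encode(["CreateFileW", "WriteFile", "ReadFile", "CloseHandle", "Sleep"]),
             encode(["RegOpenKeyExW", "RegSetValueExW", "CreateProcessW",
                     "InternetOpenW", "HttpSendRequestW"])]
    for elite in evolve(seeds, generations=5, elite_size=2, rng=random.Random(0)):
        print(f"{novelty(elite, seeds):.2f}", decode(elite))
```

The point the toy makes is structural: with elitism the objective is monotone over generations, and because every child mixes genes from two parents, every offspring carries at least one call pair that neither parent had, which is exactly the "behaviour the training set lacks" that the augmented dataset is meant to supply. Replacing `novelty` with a real objective is where the paper's malignancy and tracking-rate indicators would go.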

Highlights

  • The number of malware attacks has considerably increased in recent years

  • This paper defines a novel malware detection strategy that combines a succinct feature extraction method with an optimized dataset created using a modified genetic algorithm

  • The proposed method uses genetic algorithms to evolve rare malware through crossover and mutation of behavioral genes, generating a suitable dataset for training the malware detection model


Summary

INTRODUCTION

The number of malware attacks has considerably increased in recent years. More than 1.1 billion pieces of malware were released in 2020 alone, of which more than 89 million were created for the Microsoft Windows platform [1]. The proliferation of malware programs is partly brought about by advances in areas such as automated code generation tools, novel code protection methods [3], obfuscation engines, and packers. These advances have been used maliciously to develop novel intelligent malware with polymorphic and metamorphic characteristics. The existence of these tools and technologies has created an opportunity for malicious programmers to harness the self-modification and obfuscation already provided in ready-to-use engines to release hundreds of executable versions of a single base malware. All of these malware programs pursue a single malicious goal, but through different channels.
