Abstract

Malware has become the scourge of the century: it is continuously evolving, growing more complex and causing ever greater damage, so adequate protection against it is vital. Behavior-based malware detection techniques have proven effective at overcoming the weaknesses of signature-based ones, but they are known for their high false-alarm rates, which remain a very challenging problem. In this article, we address this shortcoming by proposing a rule-based behavioral malware detection system that inherits the advantages of both signature-based and behavior-based approaches. We apply the proposed detection system to a combined set of three types of dynamic features: (1) the list of application programming interface (API) calls; (2) API call sequences; and (3) network traffic, namely the IP addresses and domain names that the malware uses to connect to remote command-and-control servers. Feature selection and construction techniques, namely term frequency-inverse document frequency (TF-IDF) and longest common subsequence (LCS), are applied to the three extracted feature types to generate a new set of features, which are used to build behavioral YARA rules. The proposed malware detection approach achieves an accuracy of 97.22% and a false positive rate of 4.69%.
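The feature pipeline the abstract sketches (TF-IDF selection over API-call lists, LCS construction over API sequences, C2 hosts from network traffic, all rendered as a YARA rule), as an added example that is not the paper's code. It assumes the rule is scanned against a sandbox's text report with one API call or contacted host per line; the five sandbox reports, the hosts and the API names are constructed for illustration.

```python
"""Added example (not the paper's code): turn dynamic features into a YARA rule.
Assumption: the rule targets a sandbox text report, one API call / host per line.
REPORTS below are constructed; the API names and hosts are illustrative."""
import math
import re
from collections import Counter
from functools import reduce

# Constructed reports: (label, ordered API calls, contacted hosts).
REPORTS = [
    ("malware", ["CreateFileA", "WriteFile", "RegSetValueExA", "CreateProcessA", "InternetOpenA", "InternetConnectA"], ["evil-c2.example", "198.51.100.7"]),
    ("malware", ["GetTempPathA", "CreateFileA", "WriteFile", "CreateProcessA", "InternetOpenA", "InternetConnectA"], ["evil-c2.example"]),
    ("malware", ["CreateFileA", "WriteFile", "CreateProcessA", "RegSetValueExA", "InternetConnectA"], ["198.51.100.7"]),
    ("benign", ["GetModuleHandleA", "LoadLibraryA", "CreateFileA", "ReadFile", "CloseHandle"], []),
    ("benign", ["GetModuleHandleA", "MessageBoxA", "CloseHandle"], []),
]

def tfidf_scores(reports):
    """Sum of TF-IDF over the malware reports for each API. IDF is ln(N/df) over the
    whole corpus, so an API benign software also calls (CreateFileA) scores low."""
    df = Counter()
    for _, apis, _ in reports:
        df.update(set(apis))
    n_docs, scores = len(reports), Counter()
    for label, apis, _ in reports:
        if label != "malware":
            continue
        for api, count in Counter(apis).items():
            scores[api] += (count / len(apis)) * math.log(n_docs / df[api])
    return scores

def select_apis(reports, k):
    """Feature selection: the k highest-scoring APIs (ties broken by name)."""
    ranked = sorted(tfidf_scores(reports).items(), key=lambda kv: (-kv[1], kv[0]))
    return [api for api, _ in ranked[:k]]

def lcs(a, b):
    """Longest common subsequence of two API sequences (suffix-table DP)."""
    m, n = len(a), len(b)
    table = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m - 1, -1, -1):
        for j in range(n - 1, -1, -1):
            if a[i] == b[j]:
                table[i][j] = table[i + 1][j + 1] + 1
            else:
                table[i][j] = max(table[i + 1][j], table[i][j + 1])
    out, i, j = [], 0, 0
    while i < m and j < n:
        if a[i] == b[j]:
            out.append(a[i])
            i, j = i + 1, j + 1
        elif table[i + 1][j] >= table[i][j + 1]:
            i += 1
        else:
            j += 1
    return out

def common_sequence(reports):
    """Feature construction: pairwise LCS folded over all malware sequences.
    Folding is a heuristic; exact multi-sequence LCS is NP-hard in general."""
    seqs = [apis for label, apis, _ in reports if label == "malware"]
    return reduce(lcs, seqs) if seqs else []

def c2_indicators(reports):
    """Hosts contacted by malware and never by benign samples, first-seen order."""
    benign = {h for label, _, hosts in reports if label == "benign" for h in hosts}
    out = []
    for label, _, hosts in reports:
        for h in hosts:
            if label == "malware" and h not in benign and h not in out:
                out.append(h)
    return out

def seq_pattern(seq):
    """Regex form of an API subsequence: anything may occur between the calls."""
    return ".*".join(re.escape(api) for api in seq)

def build_rule(reports, name="behavioral_example", k=3):
    """Render the selected features as a YARA rule over a sandbox text report."""
    apis, seq, hosts = select_apis(reports, k), common_sequence(reports), c2_indicators(reports)
    lines = [f"rule {name}", "{", "    strings:"]
    lines += [f'        $api{i} = "{a}" ascii' for i, a in enumerate(apis)]
    if seq:
        lines.append(f"        $seq = /{seq_pattern(seq)}/s")  # /s: '.' spans newlines
    lines += [f'        $net{i} = "{h}" ascii' for i, h in enumerate(hosts)]
    cond = []
    if seq:
        cond.append("$seq")
    if apis:
        cond.append(f"{min(2, len(apis))} of ($api*)")
    if hosts:
        cond.append("1 of ($net*)")
    lines += ["    condition:", "        " + " and ".join(cond), "}"]
    return "\n".join(lines)

def sequence_matches(reports, apis):
    """Check the $seq string alone against a one-call-per-line report, as YARA's /s would."""
    return re.search(seq_pattern(common_sequence(reports)), "\n".join(apis), re.S) is not None

if __name__ == "__main__":
    print(build_rule(REPORTS))
```

The ordering matters: IDF is taken over the whole corpus (benign included), which is what keeps near-universal calls such as CreateFileA out of the rule, and the LCS is turned into a regex with `.*` between calls so the rule tolerates interleaved noise calls, which is the behavioral-signature property the abstract is after.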

Highlights

  • Malware remain so far the major threat against the Internet

  • To evaluate the performance of our malware detection system, we use a data set of 604 Windows Portable Executable 32 (PE32) malware and benign programs

  • We present the best features obtained according to their degrees of relevance after applying longest common subsequence (LCS) and term frequency-inverse document frequency (TF-IDF)


Introduction

Malware (i.e. malicious software) remains the major threat against the Internet. Malware is a computer program designed to carry out unauthorized actions without the user's consent.[1] It exists in various forms such as viruses, Trojans, worms, and so on, and is at the origin of most cyber attacks. It can be used to send spam, which represents more than half (55%) of all exchanged email,[2] and 26% of spam is malicious.[3] Malware can also be used to launch targeted attacks such as distributed denial of service (DDoS),[4] which can have devastating consequences. Cyber attacks cost the global economy billions, and even trillions, of dollars every year.[5,6]
