Abstract

The research presented investigates the optimal set of operational codes (opcodes) that create a robust indicator of malicious software (malware), and also determines the program execution duration needed for accurate classification of benign and malicious software. The features extracted from the dataset are opcode density histograms, collected during program execution. The classifier used is a support vector machine, configured to select those features that produce the optimal classification of malware over different program run lengths. The findings demonstrate that malware can be detected using dynamic analysis with relatively few opcodes.

Highlights

  • The malware industry has evolved into a well-organized $Billion marketplace operated by well-funded, multiplayer syndicates that have invested large sums of money into malicious technologies, capable of evading traditional detection systems

  • The proposed approach is the detection of malware using a support vector machine (SVM) on the feature extracted during program execution

  • The experimental work carried out in this research investigated the use of an SVM to detect malware


Summary

Background

The malware industry has evolved into a well-organized, multi-billion-dollar marketplace operated by well-funded, multiplayer syndicates that have invested large sums of money into malicious technologies capable of evading traditional detection systems. Tian et al. [5] explored a method for classifying Trojan malware and demonstrated that function length plays a significant role in classifying malware and, if combined with other features, could improve malware classification. These techniques are subverted by the addition of innocuous API calls. Lakhotia et al. [7] investigated stack operations as a means to detect obfuscated function calls; their method modelled stack operations based on the push, pop and ret opcodes. Other dynamic analysis approaches use API calls to classify malware, which malware writers can obfuscate. These experiments seek to identify run-time features (below the API call level) that can be used to identify malware.
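The abstract and the background above describe the pipeline but show none of it: build an opcode density histogram from a dynamic trace, truncate the trace to a chosen run length, rank opcodes by how well they separate the two classes, and classify on the few best ones. The following added example (not code from the paper or its authors) implements that pipeline end to end. Everything in it is an assumption made for illustration: the ten-opcode vocabulary, the two synthetic opcode-weight profiles used to generate traces, and a nearest-centroid classifier used as a dependency-free stand-in for the paper's SVM. The Fisher-style separation score is a generic feature-ranking method, not the paper's selection procedure.

```python
import random
from statistics import mean, pvariance

# Opcode vocabulary used as histogram bins (assumed small subset of x86 mnemonics).
OPCODES = ["mov", "push", "pop", "call", "ret", "jmp", "cmp", "xor", "add", "lea"]

# Constructed, synthetic opcode mixes for the two classes (hypothetical; not the
# paper's data). They exist only so the example has something to separate.
BENIGN_WEIGHTS = [30, 10, 10, 8, 8, 8, 8, 3, 10, 5]
MALICIOUS_WEIGHTS = [20, 16, 16, 12, 12, 8, 6, 7, 2, 1]


def make_trace(weights, length, seed):
    """Simulate a dynamic trace: one executed opcode mnemonic per instruction."""
    rng = random.Random(seed)
    return rng.choices(OPCODES, weights=weights, k=length)


def opcode_density(trace, run_length):
    """Density histogram over the first `run_length` executed instructions.

    Truncating the trace models stopping the program after a fixed run length;
    dividing by the window size makes traces of different lengths comparable.
    """
    window = trace[:run_length]
    n = max(len(window), 1)
    return [window.count(op) / n for op in OPCODES]


def fisher_scores(X, y):
    """Per-opcode separation score: squared mean gap over summed class variances."""
    scores = []
    for j in range(len(OPCODES)):
        benign = [x[j] for x, label in zip(X, y) if label == 0]
        malicious = [x[j] for x, label in zip(X, y) if label == 1]
        gap = (mean(benign) - mean(malicious)) ** 2
        spread = pvariance(benign) + pvariance(malicious) + 1e-12
        scores.append(gap / spread)
    return scores


def select_opcodes(X, y, k):
    """Indices of the k opcodes whose densities best separate the classes."""
    scores = fisher_scores(X, y)
    return sorted(range(len(scores)), key=lambda j: -scores[j])[:k]


class CentroidClassifier:
    """Nearest-centroid stand-in for the paper's SVM (assumed substitution)."""

    def fit(self, X, y, features):
        self.features = features
        self.centroids = {}
        for label in (0, 1):
            rows = [[x[j] for j in features] for x, lab in zip(X, y) if lab == label]
            self.centroids[label] = [mean(col) for col in zip(*rows)]
        return self

    def predict(self, x):
        v = [x[j] for j in self.features]

        def dist(c):
            return sum((a - b) ** 2 for a, b in zip(v, c))

        return min(self.centroids, key=lambda label: dist(self.centroids[label]))


def evaluate(run_length, k, n_per_class=20, trace_length=2000):
    """Train on half the synthetic traces, test on the rest; return accuracy and chosen opcodes."""
    traces, labels = [], []
    for i in range(n_per_class):
        traces.append(make_trace(BENIGN_WEIGHTS, trace_length, seed=i))
        labels.append(0)
        traces.append(make_trace(MALICIOUS_WEIGHTS, trace_length, seed=1000 + i))
        labels.append(1)
    X = [opcode_density(t, run_length) for t in traces]
    split = len(X) // 2  # traces alternate by class, so both halves are balanced
    feats = select_opcodes(X[:split], labels[:split], k)
    clf = CentroidClassifier().fit(X[:split], labels[:split], feats)
    correct = sum(clf.predict(x) == lab for x, lab in zip(X[split:], labels[split:]))
    return correct / (len(X) - split), [OPCODES[j] for j in feats]


if __name__ == "__main__":
    # Sweep the run length to see how early the classes become separable.
    for run_length in (50, 200, 1000):
        acc, chosen = evaluate(run_length, k=3)
        print(f"run length {run_length:5d}: accuracy {acc:.2f} using {chosen}")
```

The sweep in `__main__` mirrors the question the paper asks about execution duration: with very short windows the densities are noisy and the chosen opcodes shift between runs, while longer windows stabilise both the feature ranking and the accuracy. Replacing the synthetic traces with mnemonics emitted by a real instruction tracer, and the centroid classifier with an SVM, changes nothing in the feature-extraction and selection steps.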

