Abstract

The proliferation of computer networks has helped to further develop the software industry. However, this has been accompanied by an increase in the numbers of several types of malware. Therefore, research efforts have been directed towards detecting malware actions and identifying certain executable files based on their Application Programming Interface (API) data. The majority of contemporary antivirus programs employ a signature detection technique; however, the number of signatures is very limited whereas the amount of malware is increasing rapidly, which leads to a very high false detection rate. To address this issue, this paper suggests a malware analysis and detection method using an association rule mining algorithm and logistic regression analysis. By using the Direct Hashing and Pruning (DHP) algorithm, the APIs of the malware and the normal code within a Portable Executable (PE) file are compiled as a hash table. Association pattern rules are probed to group the patterns. The association rule patterns extracted through this research reduced false detection rates when classification was carried out using logistic regression analysis, and the discrimination result was shown to be greater than 0.7.
