Intelligent OS X malware threat detection with code inspection

With the increasing market share of the Mac OS X operating system, there is a corresponding increase in the number of malicious programs (malware) designed to exploit vulnerabilities on Mac OS X platforms. However, existing manual and heuristic OS X malware detection techniques cannot cope with such a high rate of new malware. While machine learning techniques offer promising results in the automated detection of Windows and Android malware, there have been limited efforts to extend them to OS X malware detection. In this paper, we propose a supervised machine learning model that applies a kernel-based Support Vector Machine together with a novel weighting measure based on application library calls to detect OS X malware. For training and evaluating the model, a dataset combining 152 malware samples and 450 benign applications was created. Using common supervised machine learning algorithms on this dataset, we obtain over 91% detection accuracy with a 3.9% false alarm rate. We also use the Synthetic Minority Over-sampling Technique (SMOTE) to create three synthetic datasets with different distributions, based on the refined version of the collected dataset, to investigate the impact of different sample sizes on malware detection accuracy. Using the SMOTE datasets we achieve over 96% detection accuracy with a false alarm rate of less than 4%. All malware classification experiments are evaluated using cross-validation. Our results indicate that increasing the sample size of the synthetic datasets has a direct positive effect on detection accuracy, while it increases the false alarm rate compared with the original dataset.
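The feature source named in the abstract, "application library calls", corresponds on OS X to the dylib install names recorded in a Mach-O image's load commands. The following Python is an added example, not code from the paper: it parses those load commands (32-bit, 64-bit and universal/fat images, with size checks so a crafted sample cannot derail the extractor) and converts the import lists of a constructed four-binary corpus into weighted feature vectors. The paper's weighting measure is not described in the abstract, so the IDF-style weight `log(N / df)` used here is an assumption standing in for it; the sample images, library names and benign/malware labels are constructed for the demonstration.

```python
"""Added example (not the paper's code): extract dylib import names from Mach-O
images and turn them into weighted feature vectors.  The IDF-style weighting is
an assumption; the abstract does not specify the paper's measure."""
import math
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # 32-bit / 64-bit Mach-O
FAT_MAGIC = 0xCAFEBABE                            # universal wrapper, always big-endian
LC_LOAD_DYLIB = 0x0C
# LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB, LC_LOAD_UPWARD_DYLIB carry the LC_REQ_DYLD bit
DYLIB_CMDS = {LC_LOAD_DYLIB, 0x80000018, 0x8000001F, 0x80000023}
DYLIB_CMD_LEN = 24   # cmd, cmdsize, name offset, timestamp, current/compat version


def mach_o_imports(data: bytes, allow_fat: bool = True) -> list:
    """Ordered install names of the libraries an image loads (LC_ID_DYLIB, the
    image's own name, is skipped).  Sizes are validated because a hostile sample
    can lie in cmdsize / name offsets to crash or mislead a feature extractor."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        if not allow_fat:
            raise ValueError("nested fat image")
        (nfat,) = struct.unpack_from(">I", data, 4)
        if 8 + 20 * nfat > len(data):
            raise ValueError("fat_arch table runs past end of file")
        names = []
        for i in range(nfat):   # fat_arch: cputype, cpusubtype, offset, size, align
            _, _, off, size, _ = struct.unpack_from(">5I", data, 8 + 20 * i)
            if off + size > len(data):
                raise ValueError("fat slice runs past end of file")
            for n in mach_o_imports(data[off:off + size], False):
                if n not in names:
                    names.append(n)
        return names
    for endian in ("<", ">"):
        magic = struct.unpack_from(endian + "I", data, 0)[0]
        if magic in (MH_MAGIC, MH_MAGIC_64):
            break
    else:
        raise ValueError("not a Mach-O image")
    off = 32 if magic == MH_MAGIC_64 else 28            # mach_header(_64) length
    ncmds, sizeofcmds = struct.unpack_from(endian + "II", data, 16)
    end = min(off + sizeofcmds, len(data))
    names = []
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load commands run past sizeofcmds")
        cmd, cmdsize = struct.unpack_from(endian + "II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed load command size")
        if cmd in DYLIB_CMDS:
            (name_off,) = struct.unpack_from(endian + "I", data, off + 8)
            if not DYLIB_CMD_LEN <= name_off < cmdsize:
                raise ValueError("dylib name offset outside its command")
            raw = data[off + name_off:off + cmdsize].split(b"\0", 1)[0]
            names.append(raw.decode("utf-8", "replace"))
        off += cmdsize
    return names


def weighted_features(corpus: dict) -> dict:
    """corpus maps sample id -> import list.  Assumed weight for library l in a
    sample: present(l) * log(N / df(l)).  A library every binary links, such as
    /usr/lib/libSystem.B.dylib, contributes nothing; a rare import dominates."""
    n, df = len(corpus), {}
    for libs in corpus.values():
        for lib in set(libs):
            df[lib] = df.get(lib, 0) + 1
    return {sid: {lib: math.log(n / df[lib]) for lib in set(libs)}
            for sid, libs in corpus.items()}


def build_macho(dylibs, magic=MH_MAGIC_64) -> bytes:
    """Constructed test image: header plus LC_LOAD_DYLIB commands only (demo input)."""
    align, cmds = (8 if magic == MH_MAGIC_64 else 4), b""
    for name in dylibs:
        body = name.encode() + b"\0"
        size = DYLIB_CMD_LEN + len(body)
        size += (-size) % align                       # cmdsize is padded to pointer alignment
        cmds += struct.pack("<IIIIII", LC_LOAD_DYLIB, size, DYLIB_CMD_LEN, 2, 0x10000, 0x10000)
        cmds += body.ljust(size - DYLIB_CMD_LEN, b"\0")
    hdr = struct.pack("<IiiIIII", magic, 0x0100000C, 0, 2, len(dylibs), len(cmds), 0)  # arm64, MH_EXECUTE
    if magic == MH_MAGIC_64:
        hdr += struct.pack("<I", 0)                    # reserved field of mach_header_64
    return hdr + cmds


def build_fat(slices) -> bytes:
    """Constructed universal wrapper around already-built slices (demo input)."""
    hdr, archs, body = struct.pack(">II", FAT_MAGIC, len(slices)), b"", b""
    base = 8 + 20 * len(slices)
    for s in slices:
        archs += struct.pack(">5I", 0x0100000C, 0, base + len(body), len(s), 0)
        body += s
    return hdr + archs + body


LIBSYSTEM = "/usr/lib/libSystem.B.dylib"
APPKIT = "/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit"
FOUNDATION = "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation"
CURL = "/usr/lib/libcurl.4.dylib"


def demo() -> dict:
    """Constructed four-sample corpus; the labels are illustrative, not ground truth."""
    corpus = {
        "benign_1": mach_o_imports(build_macho([LIBSYSTEM, APPKIT, FOUNDATION])),
        "benign_2": mach_o_imports(build_macho([LIBSYSTEM, FOUNDATION], MH_MAGIC)),
        "benign_3": mach_o_imports(build_fat([build_macho([LIBSYSTEM, APPKIT]),
                                              build_macho([LIBSYSTEM, APPKIT], MH_MAGIC)])),
        "malware_1": mach_o_imports(build_macho([LIBSYSTEM, CURL])),
    }
    return weighted_features(corpus)


if __name__ == "__main__":
    for sid, vec in demo().items():
        print(sid, {k.rsplit("/", 1)[-1]: round(v, 3) for k, v in vec.items()})
```

Running the block prints one weighted vector per sample: libSystem.B.dylib, linked by every image, gets weight 0, while libcurl, imported by a single sample, gets log 4. Two caveats for anyone reproducing the approach on a real corpus: a malware author can hide imports behind dlopen()/dlsym() at run time, so import-based features are a purely static signal, and the extractor must treat load-command sizes as attacker-controlled, which is why the parser above rejects commands that run past sizeofcmds or point their name offset outside the command.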
