Behavioural malware detection using efficient SVM implementation

Behavioural malware detection is a field where malware is detected by its behaviour rather than by analysing the program's code (binary calls etc.). The AVG company provided us with a dataset of behavioural features in order to improve their linear binary classifier, which was required to keep the false positive rate (FPR) on a subset of processes below 0.05%. This paper proposes an efficient feature representation for training this classifier on large-scale datasets using Support Vector Machines (SVM). We devised a memory-efficient feature representation that handles large-scale datasets on a single machine and showed experimentally that training times are even better than with less efficient feature representations. We also trained a linear classifier that has a better true positive rate (TPR) at every operating point. The results are publicly available in the LIBOCAS library, an open-source program available on the internet, which our research has extended with binary feature handling methods.
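The two ideas the abstract relies on, a compact representation for 0/1 behavioural features and a linear classifier judged at a fixed false-positive-rate operating point, are illustrated below in an added example. This is not the paper's code and not LIBOCAS: the vocabulary size, the weights, the feature indices and the labels are all constructed, and the sweep that picks a threshold for a given FPR budget is a generic ROC-style procedure, not the paper's method. The paper's 0.05% operating point needs thousands of clean samples to measure, so the constructed set uses larger budgets to keep the numbers checkable by hand.

```python
"""Added example (not the paper's code nor LIBOCAS): a sparse representation for
binary behavioural features, a linear classifier scored on it, and selection of
a decision threshold at a fixed false-positive-rate operating point.
Every feature index, weight and label below is constructed for illustration."""

NUM_FEATURES = 10_000  # assumed vocabulary size of binary behavioural features


def to_sparse(dense):
    """Dense 0/1 vector -> sorted tuple of indices of the features that are set."""
    return tuple(i for i, v in enumerate(dense) if v)


def score(w, b, idx):
    """w . x + b for a binary x stored as set indices: sum the selected weights."""
    return sum(w[i] for i in idx) + b


def memory_bytes(samples, num_features):
    """Bytes for dense storage (one byte per feature) vs sparse (4-byte index per set feature)."""
    dense = len(samples) * num_features
    sparse = 4 * sum(len(s) for s in samples)
    return dense, sparse


def tpr_at_fpr(scores, labels, max_fpr):
    """Lowest threshold (rule: predict malware if score >= t) whose FPR stays
    within max_fpr; returns (tpr, fpr, threshold). labels: 1 = malware, 0 = clean.
    Lowering the threshold can only add false positives, so the sweep stops at the
    first violation and the last admissible point has the highest TPR."""
    pos = sum(labels)
    neg = len(labels) - pos
    order = sorted(range(len(scores)), key=lambda i: -scores[i])
    best = (0.0, 0.0, float("inf"))  # accept nothing if even the top score breaks the budget
    tp = fp = i = 0
    while i < len(order):
        t = scores[order[i]]
        while i < len(order) and scores[order[i]] == t:  # absorb ties at this score
            if labels[order[i]]:
                tp += 1
            else:
                fp += 1
            i += 1
        if fp / neg > max_fpr:
            break
        best = (tp / pos, fp / neg, t)
    return best


# Constructed classifier: a few non-zero weights over the 10,000-feature vocabulary.
W = [0.0] * NUM_FEATURES
W[3], W[17], W[42], W[100], W[9999] = 2.0, 1.5, -1.0, 0.5, 3.0
B = -1.0

# Constructed evaluation set: (indices of set features, label).
SAMPLES = [
    ((42, 100), 0), ((3,), 0), ((100,), 0), ((17, 42), 0),        # clean processes
    ((3, 17), 1), ((9999,), 1), ((3, 100), 1), ((17, 100), 1),    # malware
    ((42, 9999), 1), ((42, 100), 1),
]


def evaluate(max_fpr):
    """Score every sample and pick the operating point for the given FPR budget."""
    scores = [score(W, B, idx) for idx, _ in SAMPLES]
    labels = [lab for _, lab in SAMPLES]
    return tpr_at_fpr(scores, labels, max_fpr)


if __name__ == "__main__":
    dense, sparse = memory_bytes([idx for idx, _ in SAMPLES], NUM_FEATURES)
    print(f"dense {dense} bytes vs sparse {sparse} bytes")
    for budget in (0.0, 0.25):
        tpr, fpr, t = evaluate(budget)
        print(f"FPR budget {budget}: threshold {t}, TPR {tpr:.3f}, FPR {fpr:.3f}")
```

On the constructed set, a zero-FPR budget forces the threshold up to 1.5 and catches half of the malware, while allowing one clean false positive in four lowers the threshold to 1.0 and raises the TPR to five in six; this is exactly the trade-off a fixed operating point such as 0.05% FPR pins down, and the sparse index representation stores the same ten samples in 68 bytes instead of 100,000.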
