论文信息 - Malware family classification method based on static feature extraction

Malware family classification method based on static feature extraction

With the development of malicious code engineering, new malware samples carry variability and polymorphism, which makes the malware variants show an increasingly growing trend. Traditional signature-based detection methods can hardly detect such variants so that it is significant for the cyber security field to analyze and detect large-scale malware samples by means of machine learning. Based on 65,536 malware samples, this paper proposed a classification method of malware family on the basis of static feature extraction using features from three aspects including bytecode features, assembler code features and PE features. We designed a series of experiments to test the features we chose and compared eight classifiers to find a better one. After feature selection and feature fusion processes we finally achieved an F1 score of 93.56% by random forest classifier.

[1] Yoseba K. Penya,et al. Idea: Opcode-Sequence-Based Malware Detection , 2010, ESSoS.

[2] Douglas S. Reeves,et al. Fast malware classification by automated behavioral graph matching , 2010, CSIIRW '10.

[3] B. S. Manjunath,et al. Malware images: visualization and automatic classification , 2011, VizSec '11.

[4] Ashkan Sami,et al. Using feature generation from API calls for malware detection , 2014 .

[5] Muddassar Farooq,et al. Towards a Theory of Generalizing System Call Representation for In-Execution Malware Detection , 2010, 2010 IEEE International Conference on Communications.

[6] Salvatore J. Stolfo,et al. Data mining methods for detection of new malicious executables , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[7] Carsten Willems,et al. Learning and Classification of Malware Behavior , 2008, DIMVA.

[8] Claudia Eckert,et al. Deep Learning for Classification of Malware System Call Sequences , 2016, Australasian Conference on Artificial Intelligence.

[9] Katrin Franke,et al. Study of Soft Computing Methods for Large-Scale Multinomial Malware Types and Families Detection , 2016, WCSC.