Internet Archive Scholar

Metamorphic Malware Detection Based on Support Vector Machine Classification of Malware Sub-Signatures

Ban Mohammed Khammas, Alireza Monemi, Ismahani Ismail, Sulaiman Mohd Nor, M.N. Marsono
2016 TELKOMNIKA (Telecommunication Computing Electronics and Control)  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (414.6 kB)
https://web.archive.org/web/20180418013654/http://journal.uad.ac.id/index.php/TELKOMNIKA/article/viewFile/3850/2763

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL. The file type is application/pdf.

Achieving accurate and efficient metamorphic malware detection remains a challenge. Metamorphic malware is able to mutate and alter its code structure in each infection that can circumvent signature matching detection. However, some vital functionalities and code segments remain unchanged between mutations. We exploit these unchanged features by the mean of classification using Support Vector Machine (SVM). N-gram features are extracted directly from malware binaries to avoid disassembly, which
more » ... these features are then masked with the extracted known malware signature n-grams. These masked features reduce the number of selected n-gram features considerably. Our method is capable to accurately detect metamorphic malware with~99% accuracy and low false positive rate. The proposed method is also superior to commercially available anti-viruses for detecting metamorphic malware.
doi:10.12928/telkomnika.v14i3.3850 fatcat:z4ryzzozv5e2jhe3ka7kupesei
Szczepanski
Citation

Ban Mohammed Khammas, Alireza Monemi, Ismahani Ismail, Sulaiman Mohd Nor, M.N. Marsono. "Metamorphic Malware Detection Based on Support Vector Machine Classification of Malware Sub-Signatures." TELKOMNIKA (Telecommunication Computing Electronics and Control) 14.3 (2016) 1157