Home > Foreign journals > Arabian Journal for Science and Engineering > Heterogeneous Opcode Space for Metamorphic Malware Detection

Heterogeneous Opcode Space for Metamorphic Malware Detection



Abstract

Metamorphic viruses are equipped with a morphing engine that transforms the structure of the code in each subsequent generation while retaining the malicious behavior. Commercial anti-virus software based on the signature approach is therefore unable to identify unknown or zero-day malware. Each metamorphic malware sample has its own unique pattern, since its internal structure changes from generation to generation; detecting these viruses is thus a challenge for researchers working on computer security. The degree of metamorphism in the dataset is estimated by aligning the locations of common opcodes with the Smith-Waterman sequence alignment method, which suggests that no generic pattern representing the malware or benign classes can be extracted and demonstrates the failure of the signature-based approach. The proposed statistical, non-signature-based detector creates two different meta feature spaces, each comprising 25 attributes, for detection. Three categories of opcode features are extracted from each sample: (a) branch opcodes, (b) unigrams and (c) bigrams. Insignificant features are first eliminated using the Naïve Bayes approach; the resulting feature space is further reduced with two feature reduction techniques: (1) the Discriminant Feature Variance-based Approach (DFVA) and (2) the Markov Blanket. Learning models are built from the prominent attributes obtained from each dimensionality reduction method. The models that provided the highest accuracy at the minimum feature length were retained, and unseen instances are classified with these optimal models. Two meta feature spaces were then generated by ensembling the prominent branch, unigram and bigram opcodes obtained from DFVA and Markov Blanket. Both feature reduction techniques were found to be equally efficient at detecting the metamorphic malware samples.
The proposed system detected Metamorphic Worm and Next Generation Virus Construction Kit viruses with 100 % accuracy, a precision of 1.0, a recall of 1.0 and a promising F1-score of 1.0. The results demonstrate the efficiency of the proposed metamorphic malware detector, and we therefore recommend that this approach be used to assist commercial AV scanners.
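As an added illustration (not code from the paper), the following Python shows two of the building blocks the abstract names: Smith-Waterman local alignment over opcode sequences to measure how much two generations of a sample still share, and the branch/unigram/bigram opcode counts used as features. The two opcode sequences are constructed toy input, the scoring parameters are assumptions, and the DFVA and Markov Blanket reduction steps are not reproduced.

```python
"""Added example, not from the paper: Smith-Waterman alignment of opcode
sequences plus the three opcode feature categories (branch, unigram, bigram)."""
from collections import Counter

# Constructed toy "generations" of one sample: the second inserts junk
# opcodes and swaps one instruction, as a morphing engine would.
GEN_A = ["push", "mov", "xor", "cmp", "jne", "call", "add", "ret"]
GEN_B = ["push", "nop", "mov", "sub", "cmp", "nop", "jne", "call", "xchg", "add", "ret"]

# Assumed set of opcodes treated as "branch" features.
BRANCH_OPCODES = {"jmp", "je", "jne", "jz", "jnz", "call", "ret"}


def smith_waterman(a, b, match=2, mismatch=-1, gap=-1):
    """Best local-alignment score between opcode lists a and b (scoring
    parameters are assumptions). The score grows with the longest run of
    shared, in-order opcodes that survives the junk insertions."""
    prev = [0] * (len(b) + 1)
    best = 0
    for x in a:
        cur = [0]
        for j, y in enumerate(b, start=1):
            s = match if x == y else mismatch
            # Local alignment: a cell never drops below zero.
            cur.append(max(0, prev[j - 1] + s, prev[j] + gap, cur[j - 1] + gap))
            best = max(best, cur[j])
        prev = cur
    return best


def similarity(a, b):
    """Alignment score normalised by the best possible self-score of the
    shorter sequence, so identical sequences give 1.0."""
    return smith_waterman(a, b) / (2 * min(len(a), len(b)))


def opcode_features(ops):
    """The three feature categories from the abstract, as raw counts."""
    return {
        "branch": Counter(o for o in ops if o in BRANCH_OPCODES),
        "unigram": Counter(ops),
        "bigram": Counter(zip(ops, ops[1:])),
    }


if __name__ == "__main__":
    print("alignment similarity A vs B:", similarity(GEN_A, GEN_B))
    for name, ops in (("A", GEN_A), ("B", GEN_B)):
        print(name, dict(opcode_features(ops)["branch"]))
```

Note how the `("cmp", "jne")` bigram present in the first generation disappears in the second once a junk `nop` is inserted between them, while the branch unigrams are unchanged; this is why the abstract combines all three feature categories rather than relying on bigrams alone.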
