Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
6884630 | Journal of Information Security and Applications | 2017 | 10 Pages |
Abstract
Classification of malware samples plays a crucial role in building and maintaining security. Design of a malware classification system capable of supporting a large set of samples and adaptable to model changes at runtime is required to identify the high number of malware variants. In this paper, file system, network, registry activities observed during the execution traces and n-gram modeling over API-call sequences are used to represent behavior based features of a malware. We present a methodology to build the feature vector by using run-time behaviors by applying online machine learning algorithms for classification of malware samples in a distributed and scalable architecture. To validate the effectiveness and scalability, we evaluate our method on 17,900 recent malign codes such as viruses, trojans, backdoors, worms. Our experimental results show that the presented malware classification's training and testing accuracy is reached at 94% and 92.5%, respectively.
Related Topics
Physical Sciences and Engineering
Computer Science
Computer Networks and Communications
Authors
Abdurrahman PektaÅ, Tankut Acarman,