Metamorphic malware detection using opcode frequency rate and decision tree-Reference-Cited by-同舟云学术

Metamorphic malware detection using opcode frequency rate and decision tree

Published:2016-07 Issue:3 Volume:10 Page:67-86
ISSN:1930-1650
Container-title:International Journal of Information Security and Privacy
language:en
Short-container-title:

Author:

Fazlali Mahmood¹,Khodamoradi Peyman²,Mardukhi Farhad³,Nosrati Masoud²,Dehshibi Mohammad Mahdi⁴

Affiliation:

1. Department of Computer Science, Cyberspace Research Institute, Shahid Beheshti University, GC, Tehran, Iran

2. Department of Computer Engineering, Kermanshah Branch, Islamic Azad University, Kermanshah, Iran

3. Department of Computer Engineering, Razi University, Kermanshah, Iran

4. Pattern Research Center, Tehran, Iran

Abstract

Malware is defined as any type of malicious code that is the potent to harm a computer or a network. Modern malwares are accompanied with mutation characteristics, namely polymorphism and metamorphism. They let malwares to generate enormous number of variants. Rising number of metamorphic malwares entails hardship in analyzing them for signature extraction and database updates. In spite of the broad use of signature-based methods in the security products, they are not able detect the new unseen morphs of malware, and it is stemmed from changing the structure of malware as well as the signature in each infection. In this paper, a novel method is proposed in which the proportion of opcodes is used for detecting the new morphs. Decision trees are utilized for classification and detection of malware variants based on the rate of opcode frequencies. Three metrics for evaluating the proposed method are speed, efficiency and accuracy. It was observed in the course of experiments that speed and time complexity will not be challenging factors; because of the fast nature of extracting the frequencies of opcodes from source assembly file. Empirical validation reveals that the proposed method outperforms the entire commercial antivirus programs with a high level of efficiency and accuracy.

Publisher

IGI Global

Subject

Information Systems

Cited by 12 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Network intrusion detection leveraging multimodal features;Array;2024-07

2. A Novel Feature Vector for AI-Assisted Windows Malware Detection;2023 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech);2023-11-14

3. Parallel Image Encryption Algorithm Using Partitioned Cellular Automata on Graphic Processor Unit;2023 IEEE International Conference on Omni-layer Intelligent Systems (COINS);2023-07-23

4. Study of Various Cyber Threats and Their Mitigation Techniques Requirements;Wireless Personal Communications;2023-03-23

5. Malware Analysis Using a Hybridised Model;2023