Affiliation:
1. Engineering Research Center of Digital Forensics, Nanjing University of Information Science and Technology, Ministry of Education, Nanjing 210044, China
2. School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210044, China
Abstract
In previous years, cybercriminals have utilized various strategies to evade identification, including obfuscation, confusion, and polymorphism technology, resulting in an exponential increase in the amount of malware that poses a serious threat to computer security. The use of techniques such as code reuse, automation, etc., also makes it more arduous to identify variant software in malware families. To effectively detect the families to which malware belongs, this paper proposed and discussed a new malware fusion feature set and classification system based on the BIG2015 dataset. We used a forward feature stepwise selection technique to combine plausible binary and assembly malware features to produce new and efficient fused features. A number of machine-learning techniques, including extreme gradient boosting (XGBoost), random forest, support vector machine (SVM), K-nearest neighbors (KNN), and adaptive boosting (AdaBoost), are used to confirm the effectiveness of the fusion feature set and malware classification system. The experimental findings demonstrate that the XGBoost algorithm’s classification accuracy on the fusion feature set suggested in this paper can reach 99.87%. In addition, we applied tree-boosting-based LightGBM and CatBoost algorithms to the domain of malware classification for the first time. On our fusion feature set, the corresponding classification accuracy can reach 99.84% and 99.76%, respectively, and the F1-scores can achieve 99.66% and 99.28%, respectively.
Funder
National Natural Science Foundation of China
Subject
Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science
Reference50 articles.
1. Said, V., Eelly, E., Zag, E., and Murat, O. (2022). The Dangerous Combo: Fileless Malware and Cryptojacking. J. SoutheastCon, 125–132.
2. Cybersecurity gets smart;Greengard;Commun. ACM,2016
3. PROUD-MAL: Static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable;Rizvi;Complex Intell. Syst.,2022
4. Ensemble Model Ransomware Classification: A Static Analysis-based Approach;Johnson;Inventive Comput. Inf. Technol.,2022
5. Loi, N., Borile, C., and Ucci, D. (2022, December 05). Towards an Automated Pipeline for Detecting and Classifying Malware through Machine Learning. Available online: https://arxiv.org/abs/2106.05625.
Cited by
5 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献