Malware Detection Using a Heterogeneous Distance Function

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F18%3A00324209" target="_blank" >RIV/68407700:21240/18:00324209 - isvavai.cz</a>

Výsledek na webu

<a href="http://www.cai.sk/ojs/index.php/cai/index" target="_blank" >http://www.cai.sk/ojs/index.php/cai/index</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.4149/cai_2018_3_759" target="_blank" >10.4149/cai_2018_3_759</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Malware Detection Using a Heterogeneous Distance Function

Popis výsledku v původním jazyce

Classication of automatically generated malware is an active research area. The amount of new malware is growing exponentially and since manual in- vestigation is not possible, automated malware classication is necessary. In this paper, we present a static malware detection system for the detection of unknown malicious programs which is based on combination of the weighted k-nearest neigh- bors classier and the statistical scoring technique from. We have extracted the most relevant features from portable executable (PE) le format using gain ratio and have designed a heterogeneous distance function that can handle both linear and nominal features. Our proposed detection method was evaluated on a dataset with tens of thousands of malicious and benign samples and the experimental re- sults show that the accuracy of our classier is 98.80%. In addition, preliminary results indicate that the proposed similarity metric on our feature space could be used for clustering malware into families.

Název v anglickém jazyce

Malware Detection Using a Heterogeneous Distance Function

Popis výsledku anglicky

Classication of automatically generated malware is an active research area. The amount of new malware is growing exponentially and since manual in- vestigation is not possible, automated malware classication is necessary. In this paper, we present a static malware detection system for the detection of unknown malicious programs which is based on combination of the weighted k-nearest neigh- bors classier and the statistical scoring technique from. We have extracted the most relevant features from portable executable (PE) le format using gain ratio and have designed a heterogeneous distance function that can handle both linear and nominal features. Our proposed detection method was evaluated on a dataset with tens of thousands of malicious and benign samples and the experimental re- sults show that the accuracy of our classier is 98.80%. In addition, preliminary results indicate that the proposed similarity metric on our feature space could be used for clustering malware into families.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Computing and Informatics

ISSN

1335-9150

e-ISSN

—

Svazek periodika

37

Číslo periodika v rámci svazku

3

Stát vydavatele periodika

SK - Slovenská republika

Počet stran výsledku

22

Strana od-do

759-780

Kód UT WoS článku

000441238100011

EID výsledku v databázi Scopus

—