Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model
Metamorphic malware modifies its code structure using a morphing engine to evade traditional signature-based detection. Previous research has shown the use of opcode instructions as feature representation with Hidden Markov Model in the context of metamorphic malware detection. However, it would b...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Springer
2021
|
| Subjects: | |
| Online Access: | http://ir.unimas.my/id/eprint/37348/1/Ling%20Yeong%20Tyng.pdf http://ir.unimas.my/id/eprint/37348/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.unimas.ir.37348 |
|---|---|
| record_format |
eprints |
| spelling |
my.unimas.ir.373482021-12-20T02:11:53Z http://ir.unimas.my/id/eprint/37348/ Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model Ling, Yeong Tyng Nor Fazlida, M Sani Mohd Taufik, Abdullah Nor Asilah Wati Abdul, Hamid QA75 Electronic computers. Computer science Metamorphic malware modifies its code structure using a morphing engine to evade traditional signature-based detection. Previous research has shown the use of opcode instructions as feature representation with Hidden Markov Model in the context of metamorphic malware detection. However, it would be more feasible to extract a file feature at fine-grained level. In this paper, we propose a novel detection approach by generating structural features through computing a stream of byte chunks using compression ratio, entropy, Jaccard similarity coefficient and Chi-square statistic test. Nonnegative Matrix Factorization is also considered to reduce the feature dimensions. We then use the coefficient vectors from the reduced space to train Hidden Markov Model. Experimental results show there is different performance between malware detection and classification among the proposed structural features. Springer 2021 Article NonPeerReviewed text en http://ir.unimas.my/id/eprint/37348/1/Ling%20Yeong%20Tyng.pdf Ling, Yeong Tyng and Nor Fazlida, M Sani and Mohd Taufik, Abdullah and Nor Asilah Wati Abdul, Hamid (2021) Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model. Journal of Computer Virology and Hacking Techniques. pp. 1-21. 10.1007/s11416-021-00404-z |
| institution |
Universiti Malaysia Sarawak |
| building |
Centre for Academic Information Services (CAIS) |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Malaysia Sarawak |
| content_source |
UNIMAS Institutional Repository |
| url_provider |
http://ir.unimas.my/ |
| language |
English |
| topic |
QA75 Electronic computers. Computer science |
| spellingShingle |
QA75 Electronic computers. Computer science Ling, Yeong Tyng Nor Fazlida, M Sani Mohd Taufik, Abdullah Nor Asilah Wati Abdul, Hamid Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model |
| description |
Metamorphic malware modifies its code structure using a morphing engine to evade traditional signature-based detection.
Previous research has shown the use of opcode instructions as feature representation with Hidden Markov Model in the context
of metamorphic malware detection. However, it would be more feasible to extract a file feature at fine-grained level. In this
paper, we propose a novel detection approach by generating structural features through computing a stream of byte chunks
using compression ratio, entropy, Jaccard similarity coefficient and Chi-square statistic test. Nonnegative Matrix Factorization
is also considered to reduce the feature dimensions. We then use the coefficient vectors from the reduced space to train Hidden
Markov Model. Experimental results show there is different performance between malware detection and classification among
the proposed structural features. |
| format |
Article |
| author |
Ling, Yeong Tyng Nor Fazlida, M Sani Mohd Taufik, Abdullah Nor Asilah Wati Abdul, Hamid |
| author_facet |
Ling, Yeong Tyng Nor Fazlida, M Sani Mohd Taufik, Abdullah Nor Asilah Wati Abdul, Hamid |
| author_sort |
Ling, Yeong Tyng |
| title |
Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model |
| title_short |
Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model |
| title_full |
Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model |
| title_fullStr |
Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model |
| title_full_unstemmed |
Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model |
| title_sort |
metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model |
| publisher |
Springer |
| publishDate |
2021 |
| url |
http://ir.unimas.my/id/eprint/37348/1/Ling%20Yeong%20Tyng.pdf http://ir.unimas.my/id/eprint/37348/ |
| _version_ |
1720440444322578432 |
| score |
13.160551 |