Nonnegative matrix factorization and metamorphic malware detection
Metamorphic malware change their internal code structure by adopting code obfuscation technique while maintaining their malicious functionality during each infection. This causes change of their signature pattern across each infection and makes signature based detection particularly difficult. In th...
Saved in:
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Springer Nature Switzerland AG
2019
|
Subjects: | |
Online Access: | http://ir.unimas.my/id/eprint/31790/3/Nonnegative.pdf http://ir.unimas.my/id/eprint/31790/ https://link.springer.com/article/10.1007/s11416-019-00331-0 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Universiti Malaysia Sarawak |
Language: | English |
id |
my.unimas.ir.31790 |
---|---|
record_format |
eprints |
spelling |
my.unimas.ir.317902022-09-14T07:26:55Z http://ir.unimas.my/id/eprint/31790/ Nonnegative matrix factorization and metamorphic malware detection Ling, Yeong Tyng Nor Fazlida, Mohd Sani Mohd Taufik, Abdullah Nor Asilah Wati, Abdul Hamid QA75 Electronic computers. Computer science Metamorphic malware change their internal code structure by adopting code obfuscation technique while maintaining their malicious functionality during each infection. This causes change of their signature pattern across each infection and makes signature based detection particularly difficult. In this paper, through static analysis, we use similarity score from matrix factorization technique called Nonnegative Matrix Factorization for detecting challenging metamorphic malware. We apply this technique using structural compression ratio and entropy features and compare our results with previous eigenvector-based techniques. Experimental results from three malware datasets show this is a promising technique as the accuracy detection is more than 95%. Springer Nature Switzerland AG 2019 Article PeerReviewed text en http://ir.unimas.my/id/eprint/31790/3/Nonnegative.pdf Ling, Yeong Tyng and Nor Fazlida, Mohd Sani and Mohd Taufik, Abdullah and Nor Asilah Wati, Abdul Hamid (2019) Nonnegative matrix factorization and metamorphic malware detection. Journal of Computer Virology and Hacking Techniques, 15. pp. 195-208. ISSN 2263-8733 https://link.springer.com/article/10.1007/s11416-019-00331-0 DOI:org/10.1007/s11416-019-00331-0 |
institution |
Universiti Malaysia Sarawak |
building |
Centre for Academic Information Services (CAIS) |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Malaysia Sarawak |
content_source |
UNIMAS Institutional Repository |
url_provider |
http://ir.unimas.my/ |
language |
English |
topic |
QA75 Electronic computers. Computer science |
spellingShingle |
QA75 Electronic computers. Computer science Ling, Yeong Tyng Nor Fazlida, Mohd Sani Mohd Taufik, Abdullah Nor Asilah Wati, Abdul Hamid Nonnegative matrix factorization and metamorphic malware detection |
description |
Metamorphic malware change their internal code structure by adopting code obfuscation technique while maintaining their malicious functionality during each infection. This causes change of their signature pattern across each infection and makes signature based detection particularly difficult. In this paper, through static analysis, we use similarity score from matrix factorization technique called Nonnegative Matrix Factorization for detecting challenging metamorphic malware. We apply this technique using structural compression ratio and entropy features and compare our results with previous eigenvector-based techniques. Experimental results from three malware datasets show this is a promising technique as the accuracy detection is more than 95%. |
format |
Article |
author |
Ling, Yeong Tyng Nor Fazlida, Mohd Sani Mohd Taufik, Abdullah Nor Asilah Wati, Abdul Hamid |
author_facet |
Ling, Yeong Tyng Nor Fazlida, Mohd Sani Mohd Taufik, Abdullah Nor Asilah Wati, Abdul Hamid |
author_sort |
Ling, Yeong Tyng |
title |
Nonnegative matrix factorization and metamorphic malware
detection |
title_short |
Nonnegative matrix factorization and metamorphic malware
detection |
title_full |
Nonnegative matrix factorization and metamorphic malware
detection |
title_fullStr |
Nonnegative matrix factorization and metamorphic malware
detection |
title_full_unstemmed |
Nonnegative matrix factorization and metamorphic malware
detection |
title_sort |
nonnegative matrix factorization and metamorphic malware
detection |
publisher |
Springer Nature Switzerland AG |
publishDate |
2019 |
url |
http://ir.unimas.my/id/eprint/31790/3/Nonnegative.pdf http://ir.unimas.my/id/eprint/31790/ https://link.springer.com/article/10.1007/s11416-019-00331-0 |
_version_ |
1744357756795617280 |