Nonnegative matrix factorization and metamorphic malware detection

Metamorphic malware change their internal code structure by adopting code obfuscation technique while maintaining their malicious functionality during each infection. This causes change of their signature pattern across each infection and makes signature based detection particularly difficult. In th...

Bibliographic Details
Main Authors: Ling, Yeong Tyng, Nor Fazlida, Mohd Sani, Mohd Taufik, Abdullah, Nor Asilah Wati, Abdul Hamid
Format: Article
Language: English
Published: Springer Nature Switzerland AG 2019
Subjects:
Online Access: http://ir.unimas.my/id/eprint/31790/3/Nonnegative.pdf
http://ir.unimas.my/id/eprint/31790/
https://link.springer.com/article/10.1007/s11416-019-00331-0
Institution: Universiti Malaysia Sarawak
id my.unimas.ir.31790
record_format eprints
spelling my.unimas.ir.317902022-09-14T07:26:55Z http://ir.unimas.my/id/eprint/31790/ Nonnegative matrix factorization and metamorphic malware detection Ling, Yeong Tyng Nor Fazlida, Mohd Sani Mohd Taufik, Abdullah Nor Asilah Wati, Abdul Hamid QA75 Electronic computers. Computer science Metamorphic malware change their internal code structure by adopting code obfuscation technique while maintaining their malicious functionality during each infection. This causes change of their signature pattern across each infection and makes signature based detection particularly difficult. In this paper, through static analysis, we use similarity score from matrix factorization technique called Nonnegative Matrix Factorization for detecting challenging metamorphic malware. We apply this technique using structural compression ratio and entropy features and compare our results with previous eigenvector-based techniques. Experimental results from three malware datasets show this is a promising technique as the accuracy detection is more than 95%. Springer Nature Switzerland AG 2019 Article PeerReviewed text en http://ir.unimas.my/id/eprint/31790/3/Nonnegative.pdf Ling, Yeong Tyng and Nor Fazlida, Mohd Sani and Mohd Taufik, Abdullah and Nor Asilah Wati, Abdul Hamid (2019) Nonnegative matrix factorization and metamorphic malware detection. Journal of Computer Virology and Hacking Techniques, 15. pp. 195-208. ISSN 2263-8733 https://link.springer.com/article/10.1007/s11416-019-00331-0 DOI:org/10.1007/s11416-019-00331-0
institution Universiti Malaysia Sarawak
building Centre for Academic Information Services (CAIS)
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Malaysia Sarawak
content_source UNIMAS Institutional Repository
url_provider http://ir.unimas.my/
language English
topic QA75 Electronic computers. Computer science
description Metamorphic malware change their internal code structure by adopting code obfuscation technique while maintaining their malicious functionality during each infection. This causes change of their signature pattern across each infection and makes signature based detection particularly difficult. In this paper, through static analysis, we use similarity score from matrix factorization technique called Nonnegative Matrix Factorization for detecting challenging metamorphic malware. We apply this technique using structural compression ratio and entropy features and compare our results with previous eigenvector-based techniques. Experimental results from three malware datasets show this is a promising technique as the accuracy detection is more than 95%.
format Article
author Ling, Yeong Tyng
Nor Fazlida, Mohd Sani
Mohd Taufik, Abdullah
Nor Asilah Wati, Abdul Hamid
title Nonnegative matrix factorization and metamorphic malware detection
publisher Springer Nature Switzerland AG
publishDate 2019