Metamorphic malware detection using machine learning

Commercially available antivirus software relies on a traditional malware detection technique known as signature-based malware detection which fails to counter unknown signatures of malicious software. Obfuscated malware such as polymorphic or metamorphic are capable of generating a unique signature...

Full description

Saved in:
Bibliographic Details
Main Author: Ahmed Ali, Mohammed Hasan Ali
Format: Thesis
Language:English
Published: 2020
Subjects:
Online Access:http://eprints.utm.my/id/eprint/93122/1/MohammedHasanAliMSKE2020.pdf
http://eprints.utm.my/id/eprint/93122/
http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:135979
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Universiti Teknologi Malaysia
Language: English
Description
Summary:Commercially available antivirus software relies on a traditional malware detection technique known as signature-based malware detection which fails to counter unknown signatures of malicious software. Obfuscated malware such as polymorphic or metamorphic are capable of generating a unique signature at each time of executing the malware code to avoid being detected by antivirus software. However, some imperative portions of the malicious code remain unaltered after the obfuscation process. This research project proposes an alternative method of malware detection by utilizing machine learning techniques in which informative textual string attributeswere employed as features in with the aim to increase the classifier accuracy and to decrease the computational overhead. In order to develop machine learning classifier models, two phases of learning were applied which are training and testing phases. In this project, benign and malware executable files were collected, then converted to assembly code using disassembler such as IDA Pro disassembler, and then preprocessed to determine the most significant features to aid the machine learning training stage. In addition, part of the collected dataset was obfuscated to be used as testing files in order to test the accuracy of the classifier. The obtained results generated by WEKA platform show that the generative classifier model based on the SMO algorithm has the highest accuracy level and the lowest time taken to build the model. Exploiting the most important textual strings as machine learning training features reduced the computational complexity in terms of the time taken to generate the model and the computing resources such as processing power and memory space. Malware classification using machine learning algorithms proofed to be more effective than traditional signature-based antivirus scanners.