Citation
Abstract
Metamorphic malware modifies its code structure using a morphing engine to evade traditional signature-based detection. Previous research has shown the use of opcode instructions as feature representation with Hidden Markov Model in the context of metamorphic malware detection. However, it would be more feasible to extract a file feature at fine-grained level. In this paper, we propose a novel detection approach by generating structural features through computing a stream of byte chunks using compression ratio, entropy, Jaccard similarity coefficient and Chi-square statistic test. Nonnegative Matrix Factorization is also considered to reduce the feature dimensions. We then use the coefficient vectors from the reduced space to train Hidden Markov Model. Experimental results show there is different performance between malware detection and classification among the proposed structural features.
Download File
Full text not available from this repository.
Official URL or Download Paper: https://link.springer.com/article/10.1007/s11416-0...
|
Additional Metadata
| Item Type: | Article |
|---|---|
| Divisions: | Faculty of Computer Science and Information Technology |
| DOI Number: | https://doi.org/10.1007/s11416-021-00404-z |
| Publisher: | Springer Cham |
| Keywords: | Hidden Markov model; Metamorphic malware; Nonnegative matrix factorization; Structural feature |
| Depositing User: | Ms. Ainur Aqidah Hamzah |
| Date Deposited: | 29 Mar 2023 01:30 |
| Last Modified: | 29 Mar 2023 01:30 |
| Altmetrics: | http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.1007/s11416-021-00404-z |
| URI: | http://psasir.upm.edu.my/id/eprint/94169 |
| Statistic Details: | View Download Statistic |
Actions (login required)
 |
View Item |