首页 | 本学科首页   官方微博 | 高级检索  
     


A scalable multi-level feature extraction technique to detect malicious executables
Authors:Mohammad M. Masud  Latifur Khan  Bhavani Thuraisingham
Affiliation:(1) Department of Computer Science, The University of Texas at Dallas, 2700 Waterview Pkwy, #5116, Richardson, TX 75080, USA;(2) Department of Computer Science, The University of Texas at Dallas, Box 830688, EC 31, Richardson, TX 75083-0688, USA
Abstract:We present a scalable and multi-level feature extraction technique to detect malicious executables. We propose a novel combination of three different kinds of features at different levels of abstraction. These are binary n-grams, assembly instruction sequences, and Dynamic Link Library (DLL) function calls; extracted from binary executables, disassembled executables, and executable headers, respectively. We also propose an efficient and scalable feature extraction technique, and apply this technique on a large corpus of real benign and malicious executables. The above mentioned features are extracted from the corpus data and a classifier is trained, which achieves high accuracy and low false positive rate in detecting malicious executables. Our approach is knowledge-based because of several reasons. First, we apply the knowledge obtained from the binary n-gram features to extract assembly instruction sequences using our Assembly Feature Retrieval algorithm. Second, we apply the statistical knowledge obtained during feature extraction to select the best features, and to build a classification model. Our model is compared against other feature-based approaches for malicious code detection, and found to be more efficient in terms of detection accuracy and false alarm rate.
Contact Information Bhavani Thuraisingham (Corresponding author)Email:
Keywords:Disassembly  Feature extraction  Malicious executable   n-gram analysis
本文献已被 SpringerLink 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号