Classification of automatically generated malware is an active research area. The amount of new malware is growing exponentially, and since manual investigation is not feasible at that scale, automated malware classification is necessary. In this paper, we present a static malware detection system for the detection of unknown malicious programs, based on a combination of the weighted k-nearest neighbors classifier and the statistical scoring technique from [12]. We have extracted the most relevant features from the portable executable (PE) file format using gain ratio and have designed a heterogeneous distance function that can handle both linear and nominal features. Our proposed detection method was evaluated on a dataset with tens of thousands of malicious and benign samples, and the experimental results show that the accuracy of our classifier is 98.80 %. In addition, preliminary results indicate that the proposed similarity metric on our feature space could be used for clustering malware into families.
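The abstract does not give the formula of the heterogeneous distance function or the exact PE features, so the following is an added illustration rather than the authors' code: a HEOM-style distance (range-normalised absolute difference for linear features, overlap for nominal ones, combined Euclidean-style) feeding an inverse-distance weighted k-NN vote. The feature schema, the six training samples and the optional per-feature weights (standing in for weights derived from gain ratio) are all constructed assumptions for the example.

```python
from math import sqrt
from collections import defaultdict

# Constructed feature schema standing in for attributes extracted from the
# PE file format; (name, kind) with kind "linear" (numeric) or "nominal".
SCHEMA = [
    ("n_sections", "linear"),
    ("entropy", "linear"),
    ("import_count", "linear"),
    ("entry_section", "nominal"),  # section holding the entry point
    ("has_signature", "nominal"),
]

# Constructed training set (features, label); not the paper's dataset.
TRAIN = [
    ((4, 6.1, 120, ".text", True), "benign"),
    ((5, 6.3, 95, ".text", True), "benign"),
    ((3, 5.8, 140, ".text", False), "benign"),
    ((8, 7.6, 5, "UPX1", False), "malware"),
    ((7, 7.9, 3, ".rsrc", False), "malware"),
    ((9, 7.4, 8, "UPX1", False), "malware"),
]


def feature_ranges(train, schema):
    """Range (max - min) of each linear feature, used to normalise differences
    so that a large-valued feature such as import_count does not dominate."""
    ranges = {}
    for idx, (_, kind) in enumerate(schema):
        if kind == "linear":
            values = [x[idx] for x, _ in train]
            ranges[idx] = max(values) - min(values)
    return ranges


def heterogeneous_distance(x, y, schema, ranges, weights=None):
    """HEOM-style distance between two feature vectors.

    linear feature:  |x_i - y_i| / range_i   (0 if the range is 0)
    nominal feature: 0 if x_i == y_i else 1 (overlap metric)
    The per-feature weights are an assumed stand-in for gain-ratio weights.
    """
    total = 0.0
    for idx, (_, kind) in enumerate(schema):
        w = 1.0 if weights is None else weights[idx]
        if kind == "linear":
            r = ranges[idx]
            d = abs(x[idx] - y[idx]) / r if r > 0 else 0.0
        else:
            d = 0.0 if x[idx] == y[idx] else 1.0
        total += w * d * d
    return sqrt(total)


def weighted_knn(query, train, schema, k=3, weights=None, eps=1e-9):
    """Classify `query` by an inverse-distance weighted vote of its k nearest
    training samples; eps avoids division by zero on an exact match."""
    ranges = feature_ranges(train, schema)
    scored = sorted(
        ((heterogeneous_distance(query, x, schema, ranges, weights), label)
         for x, label in train),
        key=lambda t: t[0],
    )
    votes = defaultdict(float)
    for d, label in scored[:k]:
        votes[label] += 1.0 / (d + eps)
    return max(votes, key=votes.get)


if __name__ == "__main__":
    for sample in [(8, 7.7, 4, "UPX1", False), (4, 6.0, 110, ".text", True)]:
        print(sample, "->", weighted_knn(sample, TRAIN, SCHEMA))
```

Because nominal mismatches contribute a full unit each while linear differences are scaled into [0, 1], a query that differs only in section name or signature status is still a unit distance away; passing gain-ratio derived `weights` is how one would let the more discriminative features dominate that sum.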
Published: 2018-07-26
Classification:
Theoretical Foundations; Software Engineering; Knowledge and Information Engineering,
Malware detection system, feature selection, similarity measure, k-nearest neighbors classifier, partitioning around medoids
@article{cai2018_3_759,
author = {Jure\v{c}ek, Martin and L\'{o}rencz, R\'{o}bert},
title = {Malware Detection Using a Heterogeneous Distance Function},
journal = {Computing and Informatics},
volume = {36},
number = {6},
year = {2018},
language = {en},
url = {http://dml.mathdoc.fr/item/cai2018_3_759}
}
Martin Jureček and Róbert Lórencz (Faculty of Information Technology, Czech Technical University in Prague). Malware Detection Using a Heterogeneous Distance Function. Computing and Informatics, Tome 36 (2018) no. 6. http://gdmltest.u-ga.fr/item/cai2018_3_759/