Polymorphic malware detection using topological feature extraction with data mining | IEEE Conference Publication | IEEE Xplore

Polymorphic malware detection using topological feature extraction with data mining


Abstract:

In just a few short years, the number of polymorphic and metamorphic malware samples seen in the wild has grown exponentially, and the automated malware detection apparatus, which is largely signature-based, has become practically useless against these new types of attacks. New detection methods are needed in order to better defend networks, protect data and preserve overall internet operations. This paper offers a novel approach to extract, analyze and combine multiple high-level factors to classify files as “malicious or benign”. These factors include file characteristics, internal file properties and dynamic run-time relationships. This paper presents a unique approach leveraging topological examination using static and dynamic analysis. Belief Propagation (BP) is achieved through data mining techniques in order to uncover and spotlight the properties of malicious files. The proposed approach directly captures the file properties and can therefore identify malicious files with impressive detection rates (.9999) and low false positives (.0001). This novel approach should prove to be faster than a large reputation database and performs well for small sample sizes.
Published in: SoutheastCon 2016
Date of Conference: 30 March 2016 - 03 April 2016
Date Added to IEEE Xplore: 09 July 2016
Electronic ISSN: 1558-058X
Conference Location: Norfolk, VA, USA

I. Introduction

There is currently no effective method to detect infection by polymorphic malicious software (malware) across the enterprise. Detecting the infection and propagation of polymorphic malware across the enterprise through network, email, and host is a major challenge for system owners and cyber-security professionals. Polymorphic and metamorphic malware change their signatures as they spread across the enterprise, rendering signature-based detection practically useless. The growth of polymorphic malware threats continues to far exceed the security industry's projections and estimates. McAfee Labs collected over 200 million malware samples in Q1 2014 (January through March) [1]. The majority of these samples were polymorphic malware detected and collected due to the “suspicious” nature of the signature or behavioral issues with network protection devices or security appliances.
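The abstract describes combining static and dynamic file properties through Belief Propagation over a topological (graph) view of files. The following is an added illustration, not the authors' code and not their exact formulation (the page does not spell it out): a minimal loopy sum-product BP over a constructed bipartite file/property graph, in which a few labelled seed files push "malicious" or "benign" belief to unlabelled files that share their properties. The node names, edge list, priors and the homophily potential are all constructed assumptions.

```python
from collections import defaultdict

# Constructed toy graph (not from the paper): file nodes and the static or
# dynamic properties they exhibit (imports, section names, contacted hosts).
# Each pair is an undirected edge between a file and a property node.
EDGES = [
    ("F1", "imp:CryptEncrypt"), ("F1", "sec:.upx1"), ("F1", "net:c2.example"),
    ("F2", "imp:CreateWindowExW"), ("F2", "sec:.text"),
    ("F3", "sec:.upx1"), ("F3", "net:c2.example"),
    ("F4", "imp:CreateWindowExW"), ("F4", "sec:.text"),
    ("F5", "sec:.text"), ("F5", "sec:.upx1"),
]
# Labelled seeds: P(malicious). Every other node starts at 0.5 (unknown).
PRIORS = {"F1": 0.95, "F2": 0.05}

def belief_propagation(edges, priors, homophily=0.6, iters=20):
    """Loopy sum-product BP with two states (0 = benign, 1 = malicious).
    Edge potential psi says neighbours prefer the same label with weight
    `homophily` (assumed value). Returns P(malicious) for every node."""
    nbrs = defaultdict(set)
    for a, b in edges:
        nbrs[a].add(b)
        nbrs[b].add(a)
    phi = {n: (1 - priors.get(n, 0.5), priors.get(n, 0.5)) for n in nbrs}
    psi = ((homophily, 1 - homophily), (1 - homophily, homophily))
    # m[(i, j)] is the message node i sends to node j, as a 2-vector
    m = {(i, j): (0.5, 0.5) for i in nbrs for j in nbrs[i]}
    for _ in range(iters):
        new = {}
        for (i, j) in m:
            out = []
            for xj in (0, 1):
                total = 0.0
                for xi in (0, 1):
                    prod = phi[i][xi] * psi[xi][xj]
                    for k in nbrs[i]:          # all neighbours except j
                        if k != j:
                            prod *= m[(k, i)][xi]
                    total += prod
                out.append(total)
            z = out[0] + out[1]
            new[(i, j)] = (out[0] / z, out[1] / z)
        m = new
    beliefs = {}
    for n in nbrs:
        b = [phi[n][x] for x in (0, 1)]
        for k in nbrs[n]:
            b = [b[x] * m[(k, n)][x] for x in (0, 1)]
        beliefs[n] = b[1] / (b[0] + b[1])
    return beliefs

if __name__ == "__main__":
    for node, p in sorted(belief_propagation(EDGES, PRIORS).items()):
        print(f"{node:22} P(malicious)={p:.3f}")
```

F3 shares only F1's properties and F4 shares only F2's, so their beliefs move toward the respective seed; F5 shares one property with each side and stays near the middle.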
