Feature reduction to speed up malware classification

Moonsamy, Veelasha, Tian, Ronghua and Batten, Lynn 2011, Feature reduction to speed up malware classification, in NordSec 2011 : Information security technology for applications : Proceedings of the 16th Nordic Conference in Secure IT Systems, Springer, Heidelberg, Germany, pp. 176-188.


Title Feature reduction to speed up malware classification
Author(s) Moonsamy, Veelasha; Tian, Ronghua; Batten, Lynn
Conference name Nordic Conference in Secure IT Systems (16th : 2011 : Tallinn, Estonia)
Conference location Tallinn, Estonia
Conference dates 26-28 Oct. 2011
Title of proceedings NordSec 2011 : Information security technology for applications : Proceedings of the 16th Nordic Conference in Secure IT Systems
Editor(s) Laud, Peeter
Publication date 2011
Series Lecture notes in computer science, v7161
Conference series Nordic Conference in Secure IT Systems
Start page 176
End page 188
Total pages 13
Publisher Springer
Place of publication Heidelberg, Germany
Keyword(s) dynamic analysis; feature reduction; malware classification
Summary In statistical classification work, one method of speeding up the process is to use only a small percentage of the total parameter set available. In this paper, we apply this technique both to the classification of malware and the identification of malware from a set combined with cleanware. In order to demonstrate the usefulness of our method, we use the same sets of malware and cleanware as in an earlier paper. Using the statistical technique Information Gain (IG), we reduce the set of features used in the experiment from 7,605 to just over 1,000. The best accuracy obtained in the former paper using 7,605 features is 97.3% for malware versus cleanware detection and 97.4% for malware family classification; on the reduced feature set, we obtain a (best) accuracy of 94.6% on the malware versus cleanware test and 94.5% on the malware classification test. An interesting feature of the new tests presented here is the reduction in false negative rates by a factor of about 1/3 when compared with the results of the earlier paper. In addition, the speed with which our tests run is reduced by a factor of approximately 3/5 from the times posted for the original paper. The small loss in accuracy and improved false negative rate along with significant improvement in speed indicate that feature reduction should be further pursued as a tool to prevent algorithms from becoming intractable due to too much data.
ISBN 9783642296147; 9783642296154
ISSN 0302-9743; 1611-3349
Language eng
Field of Research 080201 Analysis of Algorithms and Complexity
Socio Economic Objective 890301 Electronic Information Storage and Retrieval Services
HERDC Research category E2 Full written paper - non-refereed / Abstract reviewed
Copyright notice ©2012, Springer-Verlag
Persistent URL http://hdl.handle.net/10536/DRO/DU:30044841

Document type: Conference Paper
Collection: School of Information Technology
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Access Statistics: 61 Abstract Views, 5 File Downloads
Created: Tue, 01 May 2012, 11:01:44 EST
