Metamorphic Malware Detection Based on Support Vector Machine Classification of Malware Sub-Signatures
Abstract: Achieving accurate and efficient metamorphic malware detection remains a challenge. Metamorphic malware is able to mutate and alter its code structure in each infection, which lets it circumvent signature-matching detection. However, some vital functionalities and code segments remain unchanged between mutations. We exploit these unchanged features by means of classification using a Support Vector Machine (SVM). N-gram features are extracted directly from malware binaries to avoid disassembly, and these features are then masked with the n-grams extracted from known malware signatures. This masking reduces the number of selected n-gram features considerably. Our method is capable of accurately detecting metamorphic malware with ~99% accuracy and a low false positive rate. The proposed method is also superior to commercially available anti-viruses for detecting metamorphic malware.
Authors: Ban Mohammed Khammas, Alireza Monemi, Ismahani Ismail, Sulaiman Mohd Nor, and M.N. Marsono
Journal Code: jptkomputergg160153
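The feature pipeline the abstract describes (byte n-grams taken straight from the binary, then masked so that only n-grams also present in known signatures survive), as an added illustration that is not the paper's code. The signature fragments and the two sample byte strings are constructed; the SVM training step itself is omitted, the output here is the masked feature vector that such a classifier would consume.

```python
"""Byte n-gram extraction and signature masking (illustrative, not the paper's code)."""
from collections import Counter
from typing import Iterable, List, Set

N = 3  # n-gram size (assumed for this example)

# Constructed "known signature" fragments: a typical x86 prologue and a near-call stub.
SIGNATURES: List[bytes] = [
    b"\x55\x8b\xec\x83\xec",       # push ebp; mov ebp,esp; sub esp,...
    b"\xe8\x00\x00\x00\x00",       # call rel32 (zero displacement)
]


def byte_ngrams(data: bytes, n: int) -> Counter:
    """Count every overlapping n-byte window in raw binary data (no disassembly)."""
    return Counter(data[i:i + n] for i in range(len(data) - n + 1))


def signature_ngrams(signatures: Iterable[bytes], n: int) -> List[bytes]:
    """Build the masking vocabulary: all n-grams that occur in the known signatures."""
    vocab: Set[bytes] = set()
    for sig in signatures:
        vocab.update(byte_ngrams(sig, n))
    return sorted(vocab)  # fixed order so every sample maps to the same vector layout


def masked_feature_vector(data: bytes, vocab: List[bytes], n: int) -> List[int]:
    """Keep only counts of n-grams in the signature vocabulary; all others are dropped."""
    counts = byte_ngrams(data, n)
    return [counts.get(g, 0) for g in vocab]


def distinct_ngrams(data: bytes, n: int) -> int:
    """Size of the unmasked feature space for one sample, for comparison."""
    return len(byte_ngrams(data, n))


VOCAB = signature_ngrams(SIGNATURES, N)

# Constructed samples: a "mutated" body where the signature fragments survive between
# inserted NOP (0x90) padding, and a benign byte string sharing no signature n-grams.
MUTATED = b"\x90\x55\x8b\xec\x83\xec\x90\x90\xe8\x00\x00\x00\x00\x90"
BENIGN = b"Hello World"

if __name__ == "__main__":
    print("vocabulary size:", len(VOCAB))
    print("mutated: distinct n-grams", distinct_ngrams(MUTATED, N),
          "-> masked vector", masked_feature_vector(MUTATED, VOCAB, N))
    print("benign : masked vector", masked_feature_vector(BENIGN, VOCAB, N))
```

The mutated sample keeps non-zero counts for the unchanged fragments even though padding breaks exact signature matching, while the masked vector has far fewer dimensions than the raw n-gram space.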