Malicious code detection using penalized splines on OPcode frequency

Mamoun Alazab, Mohammad Al Kadiri, Sitalakshmi Venkatraman, Ameer Al-Nemrat

Research output: Chapter in Book/Report/Conference proceeding > Conference Paper published in Proceedings > Research > peer-review

Abstract

Malicious software is growing at an exponential rate, helped by the innumerable obfuscations of extended x86 IA-32 operation codes (opcodes) that are employed to evade traditional detection methods. In this paper we design a novel distinguisher that separates malware from benign software by combining a multivariate logistic regression model, using the kernel HS in penalized splines, with an opcode-frequency feature selection technique, so that obfuscated malware is detected efficiently. The main advantage of our penalized-spline-based feature selection is the performance it achieves through efficient filtering and identification of the opcodes that matter most in the obfuscation of malware. This is demonstrated through our implementation and the experimental results of the proposed model on large malware datasets. The presented approach is effective at identifying previously examined malware and non-malware, and so assists reverse engineering.
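The abstract describes the pipeline only in outline: count opcode frequencies per sample, expand each frequency through a spline basis, fit a logistic regression with a roughness penalty on the spline coefficients, and read opcode importance off the fitted coefficients. The block below is an added illustration of that pipeline, not the paper's code or data. It assumes a truncated-power spline basis with a ridge penalty on the knot coefficients (a textbook P-spline form, standing in for whatever the paper's "kernel HS" denotes), fixed knots at 0.1, 0.2 and 0.3 on the frequency scale, and plain gradient descent for the fit; the opcode sequences, the labels, and the helper names (opcode_frequencies, spline_basis, fit, predict_proba, rank_opcodes, train_demo) are all constructed for the example.

```python
"""Opcode-frequency features and penalized-spline logistic regression.

Added example, not the paper's code: a truncated-power spline basis with a
ridge penalty on the knot coefficients (textbook P-spline) is assumed in
place of the paper's "kernel HS" construction, and every opcode sequence
below is constructed rather than taken from a real binary.
"""
import math
from collections import Counter

# Constructed opcode streams (mnemonics only, one per function), as a
# disassembler would emit them.  Label 1 = malicious (xor/nop/jmp-heavy,
# the shape junk-code and control-flow obfuscation leave), 0 = benign.
BENIGN = [
    "mov mov push push call add ret pop pop mov cmp jne lea mov",
    "push mov mov lea call cmp jne add mov ret pop sub mov",
    "mov push call ret mov mov add cmp jne pop lea mov push",
    "lea mov cmp jne mov sub add call mov ret push pop mov",
    "push push mov call mov add mov ret pop cmp jne lea mov",
    "mov lea push call pop mov cmp jne mov add sub ret mov",
]
MALICIOUS = [
    "xor nop jmp xor push pop nop jmp xor call nop xor jmp mov",
    "nop xor jmp nop xor push xor jmp nop pop xor jmp call",
    "xor xor nop jmp push nop xor pop jmp xor nop jmp mov xor",
    "jmp nop xor nop xor mov jmp nop xor push xor pop jmp nop",
    "xor nop jmp xor xor nop jmp push pop call jmp nop xor nop",
    "nop jmp xor nop push xor jmp xor pop nop jmp xor call xor",
]
KNOTS = (0.1, 0.2, 0.3)  # assumed spline knots on the [0, 1] frequency scale


def sigmoid(z):
    """Numerically safe logistic function."""
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)
    return e / (1.0 + e)


def opcode_frequencies(seq, vocab):
    """Relative frequency of each vocabulary opcode in one sequence."""
    ops = seq.split()
    counts = Counter(ops)
    return [counts[op] / len(ops) for op in vocab]


def spline_basis(x, knots=KNOTS):
    """Truncated-power basis for one frequency: [x, (x-k1)+, (x-k2)+, ...]."""
    return [x] + [max(0.0, x - k) for k in knots]


def design_row(freqs):
    """Intercept followed by the spline basis of every opcode frequency."""
    row = [1.0]
    for x in freqs:
        row.extend(spline_basis(x))
    return row


def fit(sequences, labels, lam=0.1, lam_lin=1e-3, lr=0.5, iters=2000):
    """Gradient descent on mean log-loss + (lam/2)*sum(knot coefs^2)
    + (lam_lin/2)*sum(linear coefs^2).  The knot penalty is what makes the
    spline *penalized*: it shrinks each opcode's curve toward a straight
    line, so opcodes that do not separate the classes collapse to ~0 effect."""
    vocab = sorted({op for s in sequences for op in s.split()})
    X = [design_row(opcode_frequencies(s, vocab)) for s in sequences]
    n, d, m = len(X), len(X[0]), len(KNOTS) + 1
    # Penalty per column: none on the intercept, lam_lin on each opcode's
    # linear term (column j % m == 0 within the block), lam on its knot terms.
    pen = [0.0] + [lam_lin if j % m == 0 else lam for j in range(d - 1)]
    w = [0.0] * d
    for _ in range(iters):
        grad = [pen[j] * w[j] for j in range(d)]
        for row, y in zip(X, labels):
            p = sigmoid(sum(wj * xj for wj, xj in zip(w, row)))
            for j, xj in enumerate(row):
                grad[j] += (p - y) * xj / n
        w = [wj - lr * g for wj, g in zip(w, grad)]
    return {"vocab": vocab, "w": w}


def predict_proba(model, seq):
    """P(malicious) for a new opcode sequence; opcodes unseen in training are ignored."""
    row = design_row(opcode_frequencies(seq, model["vocab"]))
    return sigmoid(sum(wj * xj for wj, xj in zip(model["w"], row)))


def rank_opcodes(model):
    """Opcodes ordered by the L2 norm of their spline coefficient block,
    i.e. by how strongly their frequency curve moves the decision."""
    m = len(KNOTS) + 1
    scores = []
    for i, op in enumerate(model["vocab"]):
        block = model["w"][1 + i * m : 1 + (i + 1) * m]
        scores.append((op, math.sqrt(sum(c * c for c in block))))
    return sorted(scores, key=lambda t: t[1], reverse=True)


def train_demo():
    """Fit on the constructed corpus above."""
    return fit(BENIGN + MALICIOUS, [0] * len(BENIGN) + [1] * len(MALICIOUS))


if __name__ == "__main__":
    model = train_demo()
    for op, score in rank_opcodes(model)[:5]:
        print(f"{op:5s} importance={score:.3f}")
    probe = "xor nop jmp xor nop jmp xor push xor pop nop"
    print("P(malicious | xor/nop-heavy probe) =", round(predict_proba(model, probe), 3))
```

The ranking step is the "feature selection" the abstract refers to: opcodes whose whole coefficient block is shrunk near zero by the penalty carry no signal and can be dropped before retraining on a larger corpus. On real data the caveat is that frequency features are cheap for an adversary to flatten (padding with the dominant benign opcodes), so the ranking is most useful as a triage and reverse-engineering aid, which is the use the abstract claims for it.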

Original language: English
Title of host publication: 2012 Third Cybercrime and Trustworthy Computing Workshop
Place of Publication: VIC, Australia
Publisher: IEEE Computer Society
Pages: 38-47
Number of pages: 10
ISBN (Print): 9780769549408
DOI: 10.1109/CTC.2012.15
Publication status: Published - 13 May 2013
Externally published: Yes
Event: 2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012 - Ballarat, VIC, Australia
Duration: 29 Oct 2012 – 30 Oct 2012

Conference

Conference: 2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012
Country: Australia
City: Ballarat, VIC
Period: 29/10/12 – 30/10/12

Fingerprint

Penalized Splines
Malware
Splines
Obfuscation
Feature Selection
Feature extraction
Multivariate Regression
Logistic Regression Model
Reverse Engineering
Filtering

Cite this

Alazab, M., Al Kadiri, M., Venkatraman, S., & Al-Nemrat, A. (2013). Malicious code detection using penalized splines on OPcode frequency. In 2012 Third Cybercrime and Trustworthy Computing Workshop (pp. 38-47). [6498426] VIC, Australia: IEEE Computer Society. https://doi.org/10.1109/CTC.2012.15
@inproceedings{8537e18df9244112932b8f6c085c052d,
title = "Malicious code detection using penalized splines on OPcode frequency",
keywords = "Cybercrime, Malware detection, Multivariate statistics, Obfuscation, Operation codes, Penalised splines",
author = "Mamoun Alazab and {Al Kadiri}, Mohammad and Sitalakshmi Venkatraman and Ameer Al-Nemrat",
year = "2013",
month = "5",
day = "13",
doi = "10.1109/CTC.2012.15",
language = "English",
isbn = "9780769549408",
pages = "38--47",
booktitle = "2012 Third Cybercrime and Trustworthy Computing Workshop",
publisher = "IEEE Computer Society",
address = "United States",
}



Scopus record: http://www.scopus.com/inward/record.url?scp=84877273936&partnerID=8YFLogxK
