Malicious code detection using penalized splines on OPcode frequency

Mamoun Alazab, Mohammad Al Kadiri, Sitalakshmi Venkatraman, Ameer Al-Nemrat

Research output: Chapter in Book/Report/Conference proceedingConference Paper published in Proceedings

Abstract

Recently, malicious software are gaining exponential growth due to the innumerable obfuscations of extended x86 IA-32 (OPcodes) that are being employed to evade from traditional detection methods. In this paper, we design a novel distinguisher to separate malware from benign that combines Multivariate Logistic Regression model using kernel HS in Penalized Splines along with OPcode frequency feature selection technique for efficiently detecting obfuscated malware. The main advantage of our penalized splines based feature selection technique is its performance capability achieved through the efficient filtering and identification of the most important OPcodes used in the obfuscation of malware. This is demonstrated through our successful implementation and experimental results of our proposed model on large malware datasets. The presented approach is effective at identifying previously examined malware and non-malware to assist in reverse engineering.

Original languageEnglish
Title of host publication2012 Third Cybercrime and Trustworthy Computing Workshop
Place of PublicationVIC, Australia
PublisherIEEE Computer Society
Pages38-47
Number of pages10
ISBN (Print)9780769549408
DOIs
Publication statusPublished - 13 May 2013
Externally publishedYes
Event2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012 - Ballarat, VIC, Australia
Duration: 29 Oct 201230 Oct 2012

Conference

Conference2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012
CountryAustralia
CityBallarat, VIC
Period29/10/1230/10/12

Fingerprint Dive into the research topics of 'Malicious code detection using penalized splines on OPcode frequency'. Together they form a unique fingerprint.

Cite this