Peer-Reviewed

Static Heuristics Classifiers as Pre-Filter for Malware Target Recognition (MATR)

Received: 18 March 2015     Accepted: 6 April 2015     Published: 11 May 2015
Abstract

Nowadays, malware is one of the major threats to computer information systems. Current malware detection technologies have significant limitations. Organizations that protect sensitive information may struggle to identify recent malware threats among millions and billions of benign executables using only signature-based antivirus systems. Currently, organizations use signature-based antivirus products as their frontline defense against malware. In this ongoing project, we propose a detection approach that uses static heuristics in MATR for malware in PE (portable executable) files. The project suggests a larger performance-based malware target recognition architecture that at present uses only static heuristic features. Experimental results show that this architecture achieves an overall test accuracy of greater than 98% against a malware set collected from various operational environments, while most antivirus products provide a detection accuracy of only 60% at their most sensitive configuration [1]. Implementations of this architecture enable benign executables to be classified successfully to some extent, providing enhanced awareness to operators in hostile environments; they also enable detection of unknown malware. We show the performance of the Bagging and AdaBoost ensembles.

Published in American Journal of Networks and Communications (Volume 4, Issue 3)
DOI 10.11648/j.ajnc.20150403.14
Page(s) 44-48
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2015. Published by Science Publishing Group

Keywords

Malware, PE (Portable Executable), Bagging, AdaBoost (Adaptive Boosting)

References
[1] T. E. Dube, R. A. Raines, M. R. Grimaila, K. W. Bauer, S. K. Rogers, “Malware Target Recognition of Unknown Threats,” IEEE Systems Journal, 2013.
[2] P. Szor, “The Art of Computer Virus Research and Defense”, IN: Addison-Wesley, 2005.
[3] M. Schultz, E. Eskin, E. Zadok, and S. Stolfo, “Data mining methods for detection of new malicious executables,” in Proc. IEEE Symp. Security Privacy, May 2001, pp. 38–49.
[4] A. Moser, C. Kruegel, and E. Kirda, “Limits of static analysis for malware detection,” in Proc. ACSAC, 2007, pp. 421–430.
[5] M. Christodorescu, N. Kidd, and W.-H. Goh, “String analysis for x86 binaries,” ACM SIGSOFT Softw. Eng. Notes, vol. 31, no. 1, p. 95, 2006.
[6] N. Rafiq and Y. Mao, “Improving heuristics,” Virus Bull., pp. 9–12, Aug. 2008.
[7] S. Treadwell and M. Zhou, “A heuristic approach for detection of obfuscated malware,” in Proc. Intell. Security Inform., Jun. 2009, pp. 291–299.
[8] Jinrong Bai, Junfeng Wang, and Guozhong Zou, “A Malware Detection Scheme Based on Mining Format Information,” The Scientific World Journal Volume 2014, Article ID 260905, 11 pages.
[9] A. Shabtai, R. Moskovitch, Y. Elovici, and C. Glezer, “Detection of malicious code by applying machine learning classifiers on static features: a state-of-the-art survey,” Information Security Technical Report, vol. 14, no. 1, pp. 16–29, 2009.
[10] J. Z. Kolter and M. A. Maloof, “Learning to detect and classify malicious executables in the wild,” Journal of Machine Learning Research, vol. 7, pp. 2721–2744, 2006.
[11] J. O. Kephart and B. Arnold, “Automatic extraction of computer virus signatures,” in Proc. 4th Virus Bull. Int. Conf., 1994, pp. 178–184.
[12] W. Arnold and G. Tesauro, “Automatically generated Win32 heuristic virus detection,” in Proc. Virus Bull. Conf., Sep. 2000, pp. 51–60.
[13] G. Tesauro, J. Kephart, and G. Sorkin, “Neural networks for computer virus recognition,” IEEE Expert, vol. 11, no. 4, pp. 5–6, Aug. 1996.
[14] T. E. Dube, R. A. Raines, S. K. Rogers, “Malware Target Recognition,” United States Patent Application Publication [US 2012/0260342 A1], 2012.
[15] Symantec Corporation, “Understanding Heuristics: Symantec’s Bloodhound Technology,” Symantec White Paper Series, vol. XXXIV, no. 1, pp. 1–14, 1997.
[16] T. Dube, R. Raines, G. Peterson, K. Bauer, M. Grimaila, S. Rogers, “Malware target recognition via static heuristics,” Elsevier Computers & Security 31 (2012) 137-147.
[17] VX Heavens. (2010, Apr. 15). Virus Collection [Online]. Available: vx.netlux.org/vl.php
[18] T. E. Dube, “A NOVEL MALWARE TARGET RECOGNITION ARCHITECTURE FOR ENHANCED CYBERSPACE SITUATION AWARENESS,” Air Force Institute of Technology, AFIT/DCE/ENG/11-07, September 2011.
Cite This Article
  • APA Style

    Anuj Lohani, Aditi Lohani, Jitendra Singh, Manish Bhardwaj. (2015). Static Heuristics Classifiers as Pre-Filter for Malware Target Recognition (MATR). American Journal of Networks and Communications, 4(3), 44-48. https://doi.org/10.11648/j.ajnc.20150403.14


  • @article{10.11648/j.ajnc.20150403.14,
      author = {Anuj Lohani and Aditi Lohani and Jitendra Singh and Manish Bhardwaj},
      title = {Static Heuristics Classifiers as Pre-Filter for Malware Target Recognition (MATR)},
      journal = {American Journal of Networks and Communications},
      volume = {4},
      number = {3},
      pages = {44-48},
      doi = {10.11648/j.ajnc.20150403.14},
      url = {https://doi.org/10.11648/j.ajnc.20150403.14},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ajnc.20150403.14},
     year = {2015}
    }
    


  • TY  - JOUR
    T1  - Static Heuristics Classifiers as Pre-Filter for Malware Target Recognition (MATR)
    AU  - Anuj Lohani
    AU  - Aditi Lohani
    AU  - Jitendra Singh
    AU  - Manish Bhardwaj
    Y1  - 2015/05/11
    PY  - 2015
    N1  - https://doi.org/10.11648/j.ajnc.20150403.14
    DO  - 10.11648/j.ajnc.20150403.14
    T2  - American Journal of Networks and Communications
    JF  - American Journal of Networks and Communications
    JO  - American Journal of Networks and Communications
    SP  - 44
    EP  - 48
    PB  - Science Publishing Group
    SN  - 2326-8964
    UR  - https://doi.org/10.11648/j.ajnc.20150403.14
    VL  - 4
    IS  - 3
    ER  - 


Author Information
  • Dept. of Computer Science and Engineering, SRM University, NCR Campus, Modinagar, India

  • Dept. of Computer Science and Engineering, SRM University, NCR Campus, Modinagar, India

  • Dept. of Computer Science and Engineering, SRM University, NCR Campus, Modinagar, India

  • Dept. of Computer Science and Engineering, SRM University, NCR Campus, Modinagar, India
