Faculty Publications

Permanent URI for this communityhttps://idr.nitk.ac.in/handle/123456789/18736

Publications by NITK Faculty

Browse

Author: search.filters.author.Shiva Darshan, S.L.Subject: search.filters.subject.Malware

Search Results

Now showing 1 - 3 of 3
  • No Thumbnail Available
    Item
    Performance Evaluation of Filter-based Feature Selection Techniques in Classifying Portable Executable Files
    (Elsevier B.V., 2018) Shiva Darshan, S.L.; Jaidhar, J.
    The dimensionality of the feature space exhibits a significant effect on the processing time and predictive performance of the Malware Detection Systems (MDS). Therefore, the selection of relevant features is crucial for the classification process. Feature Selection Technique (FST) is a prominent solution that effectively reduces the dimensionality of the feature space by identifying and neglecting noisy or irrelevant features from the original feature space. The significant features recommended by FST uplift the malware detection rate. This paper provides the performance analysis of four chosen filter-based FSTs and their impact on the classifier decision. FSTs such as Distinguishing Feature Selector (DFS), Mutual Information (MI), Categorical Proportional Difference (CPD), and Darmstadt Indexing Approach (DIA) have been used in this work and their efficiency has been evaluated using different datasets, various feature-length, classifiers, and success measures. The experimental results explicitly indicate that DFS and MI offer a competitive performance in terms of better detection accuracy and that the efficiency of the classifiers does not decline on both the balanced and unbalanced datasets. © 2018 The Authors. Published by Elsevier B.V.
  • No Thumbnail Available
    Item
    Windows malware detection system based on LSVC recommended hybrid features
    (Springer-Verlag France 22, Rue de Palestro Paris 75002, 2019) Shiva Darshan, S.L.; Jaidhar, C.D.
    To combat exponentially evolved modern malware, an effective Malware Detection System and precise malware classification is highly essential. In this paper, the Linear Support Vector Classification (LSVC) recommended Hybrid Features based Malware Detection System (HF-MDS) has been proposed. It uses a combination of the static and dynamic features of the Portable Executable (PE) files as hybrid features to identify unknown malware. The application program interface calls invoked by the PE files during their execution along with their correspondent category are collected and considered as dynamic features from the PE file behavioural report produced by the Cuckoo Sandbox. The PE files’ header details such as optional header, disk operating system header, and file header are treated as static features. The LSVC is used as a feature selector to choose prominent static and dynamic features from their respective Original Feature Space. The features recommended by the LSVC are highly discriminative and used as final features for the classification process. Different sets of experiments were conducted using real-world malware samples to verify the combination of static and dynamic features, which encourage the classifier to attain high accuracy. The tenfold cross-validation experimental results demonstrate that the proposed HF-MDS is proficient in precisely detecting malware and benign PE files by attaining detection accuracy of 99.743% with sequential minimal optimization classifier consisting of hybrid features. © 2018, Springer-Verlag France SAS, part of Springer Nature.
  • No Thumbnail Available
    Item
    Windows malware detector using convolutional neural network based on visualization images
    (IEEE Computer Society, 2021) Shiva Darshan, S.L.; Jaidhar, C.D.
    The evolution of malware is continuing at an alarming rate, despite the efforts made towards detecting and mitigating them. Malware analysis is needed to defend against its sophisticated behaviour. However, the manual heuristic inspection is no longer effective or efficient. To cope with these critical issues, behaviour-based malware detection approaches with machine learning techniques have been widely adopted as a solution. It involves supervised classifiers to appraise their predictive performance on gaining the most relevant features from the original features' set and the trade-off between high detection rate and low computation overhead. Though machine learning-based malware detection techniques have exhibited success in detecting malware, their shallow learning architecture is still deficient in identifying sophisticated malware. Therefore, in this paper, a Convolutional Neural Network (CNN) based Windows malware detector has been proposed that uses the execution time behavioural features of the Portable Executable (PE) files to detect and classify obscure malware. The 10-fold cross-validation tests were conducted to assess the proficiency of the proposed approach. The experimental results showed that the proposed approach was effective in uncovering malware PE files by utilizing significant behavioural features suggested by the Relief Feature Selection Technique. It attained detection accuracy of 97.968 percent. © 2013 IEEE.