Faculty Publications

Permanent URI for this community: https://idr.nitk.ac.in/handle/123456789/18736

Publications by NITK Faculty

  • Windows malware detection system based on LSVC recommended hybrid features
    (Springer-Verlag France 22, Rue de Palestro Paris 75002, 2019) Shiva Darshan, S.L.; Jaidhar, C.D.
    To combat exponentially evolved modern malware, an effective Malware Detection System and precise malware classification is highly essential. In this paper, the Linear Support Vector Classification (LSVC) recommended Hybrid Features based Malware Detection System (HF-MDS) has been proposed. It uses a combination of the static and dynamic features of the Portable Executable (PE) files as hybrid features to identify unknown malware. The application program interface calls invoked by the PE files during their execution, along with their corresponding category, are collected and considered as dynamic features from the PE file behavioural report produced by the Cuckoo Sandbox. The PE files’ header details such as optional header, disk operating system header, and file header are treated as static features. The LSVC is used as a feature selector to choose prominent static and dynamic features from their respective Original Feature Space. The features recommended by the LSVC are highly discriminative and used as final features for the classification process. Different sets of experiments were conducted using real-world malware samples to verify the combination of static and dynamic features, which encourage the classifier to attain high accuracy. The tenfold cross-validation experimental results demonstrate that the proposed HF-MDS is proficient in precisely detecting malware and benign PE files by attaining a detection accuracy of 99.743% with a sequential minimal optimization classifier consisting of hybrid features. © 2018, Springer-Verlag France SAS, part of Springer Nature.
  • An empirical study to estimate the stability of random forest classifier on the hybrid features recommended by filter based feature selection technique
    (Springer, 2020) Shiva Darshan, S.L.S.; Jaidhar, C.D.
    The emergence of advanced malware is a serious threat to information security. A prominent technique that identifies sophisticated malware should consider the runtime behaviour of the source file to detect malicious intent. Although the behaviour-based malware detection technique is a substantial improvement over the traditional signature-based detection technique, current malware employs code obfuscation techniques to elude detection. This paper presents the Hybrid Features-based malware detection system (HFMDS) that integrates static and dynamic features of the portable executable (PE) files to discern malware. The HFMDS is trained with prominent features advised by the filter-based feature selection technique (FST). The detection ability of the proposed HFMDS has been evaluated with the random forest (RF) classifier by considering two different datasets that consist of real-world Windows malware samples. In-depth analysis is carried out to determine the optimal number of decision trees (DTs) required by the RF classifier to achieve consistent accuracy. Besides, the performance of four popular FSTs is also analyzed to determine which FST recommends the best features. From the experimental analysis, we can infer that increasing the number of DTs beyond 160 within the RF classifier does not make a significant difference in attaining better detection accuracy. © 2019, Springer-Verlag GmbH Germany, part of Springer Nature.
  • Windows malware detector using convolutional neural network based on visualization images
    (IEEE Computer Society, 2021) Shiva Darshan, S.L.; Jaidhar, C.D.
    The evolution of malware is continuing at an alarming rate, despite the efforts made towards detecting and mitigating them. Malware analysis is needed to defend against its sophisticated behaviour. However, the manual heuristic inspection is no longer effective or efficient. To cope with these critical issues, behaviour-based malware detection approaches with machine learning techniques have been widely adopted as a solution. It involves supervised classifiers to appraise their predictive performance on gaining the most relevant features from the original features' set and the trade-off between high detection rate and low computation overhead. Though machine learning-based malware detection techniques have exhibited success in detecting malware, their shallow learning architecture is still deficient in identifying sophisticated malware. Therefore, in this paper, a Convolutional Neural Network (CNN) based Windows malware detector has been proposed that uses the execution time behavioural features of the Portable Executable (PE) files to detect and classify obscure malware. The 10-fold cross-validation tests were conducted to assess the proficiency of the proposed approach. The experimental results showed that the proposed approach was effective in uncovering malware PE files by utilizing significant behavioural features suggested by the Relief Feature Selection Technique. It attained detection accuracy of 97.968 percent. © 2013 IEEE.