A Hybrid wrapper-filter approach for malware detection

Mamoun Alazab, Shamsul Huda, Jemal Abawajy, Rafiqul Islam, John Yearwood, Sitalakshmi Venkatraman, Roderic Broadhurst

Research output: Contribution to journalArticle

Abstract

This paper presents an efficient and novel approach for malware detection. The proposed approach uses a hybrid wrapper-filter model for malware feature selection, which combines Maximum Relevance (MR) filter heuristics and Artificial Neural Net Input Gain Measurement Approximation (ANNIGMA) wrapper heuristic for sub-set selection by capitalizing on each classifier's strengths. The novelty of the proposed approach is that it injects the intrinsic characteristics of data obtained by the filter into the wrapper stage and combines this with wrapper's heuristic score. This in turn can reduce the search space and guide the search for the most significant malware features that assist in detection. Extensive cross-validated experimental investigations on actual malware datasets were conducted to evaluate the performance of the proposed model. The model was compared with several existing models including independent wrapper and filter approaches. The results of the model's performance on both obfuscated malware as well as benign datasets showed that the proposed hybrid MRANNIGMA model out-performed the independent filter and wrapper approaches by achieving the highest accuracy of 97%. Furthermore, this hybrid model improved execution time by using a more compact set of operation code features, and also reduced the rate of false positives.
Original languageEnglish
Pages (from-to)2878-2891
Number of pages14
JournalJournal of networks
Volume9
Issue number11
DOIs
Publication statusPublished - 2014
Externally publishedYes

Keywords

  • Malware
  • Opcodes
  • Feature selection
  • Wrapper-filter
  • Neural network
  • Multi-layer perceptron networks

Fingerprint Dive into the research topics of 'A Hybrid wrapper-filter approach for malware detection'. Together they form a unique fingerprint.

Cite this