Malicious code detection using penalized splines on OPcode frequency

Mamoun Alazab, Mohammad Al Kadiri, Sitalakshmi Venkatraman, Ameer Al-Nemrat

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

6 Citations (Scopus)

Abstract

Recently, malicious software are gaining exponential growth due to the innumerable obfuscations of extended x86 IA-32 (OPcodes) that are being employed to evade from traditional detection methods. In this paper, we design a novel distinguisher to separate malware from benign that combines Multivariate Logistic Regression model using kernel HS in Penalized Splines along with OPcode frequency feature selection technique for efficiently detecting obfuscated malware. The main advantage of our penalized splines based feature selection technique is its performance capability achieved through the efficient filtering and identification of the most important OPcodes used in the obfuscation of malware. This is demonstrated through our successful implementation and experimental results of our proposed model on large malware datasets. The presented approach is effective at identifying previously examined malware and non-malware to assist in reverse engineering.

Original languageEnglish
Title of host publicationProceedings - 2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012
Place of PublicationLos Alamos, CA
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages38-47
Number of pages10
ISBN (Print)9780769549408
DOIs
Publication statusPublished - 2013
Externally publishedYes
Event2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012 - Ballarat, VIC, Australia
Duration: 29 Oct 201230 Oct 2012

Other

Other2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012
Country/TerritoryAustralia
CityBallarat, VIC
Period29/10/1230/10/12

Fingerprint

Dive into the research topics of 'Malicious code detection using penalized splines on OPcode frequency'. Together they form a unique fingerprint.

Cite this