Metamorphic malware detection using base malware identification approach

Authors

  • Devendra Kumar Mahawer (corresponding author), Department of Computer Science & Engineering, Central University of Rajasthan, Bandarsindri, Rajasthan, India. E-mail: devendramahawer@curaj.ac.in
  • A. Nagaraju, Department of Computer Science & Engineering, Central University of Rajasthan, Bandarsindri, Rajasthan, India

ABSTRACT

Malware is a malicious program intentionally developed to harm computer systems. Metamorphic malware is advanced in nature: it mutates its code in each generation, employing code obfuscation techniques to thwart detection. Conventional scanners fail to detect all variants of such malware. For metamorphic malware detection, we propose a machine learning approach, a support vector machine with a histogram intersection kernel. This approach has been successfully applied in image classification and bioinformatics (protein classification and cancer classification). The method provides more accuracy in terms of detection rate, which helps to build an effective detection system for metamorphic malware. In the proposed method, we first extract feature histograms from each portable executable file and map them into the feature space using a histogram intersection kernel. The histogram intersection kernel helps us find the optimal hyperplane separating the metamorphic variants from benign programs in a feature space of very high dimension. The results show that our proposed method is capable of detecting metamorphic variants with few false alarms or misses. Copyright © 2013 John Wiley & Sons, Ltd.
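
The kernel step described in the abstract, as an added example that is not from the paper: the histogram intersection kernel K(a, b) = Σ min(a_i, b_i) over normalized feature histograms, trained here with a kernel perceptron standing in for the SVM solver. The five histogram bins and all counts are constructed for illustration; the features the paper actually extracts are not given on this page.

```python
# Added example (not the paper's code). A kernel perceptron stands in for the
# SVM solver; the 5 bins (hypothetical opcode classes) and counts are constructed.

def normalize(counts):
    """Scale raw feature counts so the histogram sums to 1."""
    total = float(sum(counts))
    return [c / total for c in counts] if total else [0.0] * len(counts)

def hik(a, b):
    """Histogram intersection kernel: K(a, b) = sum_i min(a_i, b_i)."""
    return sum(min(x, y) for x, y in zip(a, b))

def train(hists, labels, epochs=100):
    """Learn dual weights alpha and a bias; stop after a mistake-free pass."""
    n = len(hists)
    gram = [[hik(p, q) for q in hists] for p in hists]
    alpha, bias = [0] * n, 0
    for _ in range(epochs):
        mistakes = 0
        for i in range(n):
            score = bias + sum(alpha[j] * labels[j] * gram[j][i] for j in range(n))
            if labels[i] * score <= 0:      # misclassified or on the boundary
                alpha[i] += 1
                bias += labels[i]
                mistakes += 1
        if mistakes == 0:
            break
    return alpha, bias

def predict(counts, hists, labels, alpha, bias):
    """Return +1 (metamorphic variant) or -1 (benign) for raw counts."""
    h = normalize(counts)
    score = bias + sum(a * y * hik(t, h) for a, y, t in zip(alpha, labels, hists))
    return 1 if score > 0 else -1

# Constructed training set: counts per bin [mov, push/pop, jmp, nop, arith].
VARIANTS = [[30, 10, 25, 30, 5], [25, 15, 30, 25, 5], [35, 10, 20, 30, 5]]
BENIGN = [[50, 20, 8, 2, 20], [45, 25, 10, 0, 20], [55, 15, 5, 5, 20]]
HISTS = [normalize(c) for c in VARIANTS + BENIGN]
LABELS = [1] * len(VARIANTS) + [-1] * len(BENIGN)
ALPHA, BIAS = train(HISTS, LABELS)

if __name__ == "__main__":
    print(predict([28, 12, 28, 27, 5], HISTS, LABELS, ALPHA, BIAS))  # unseen variant
    print(predict([48, 22, 9, 1, 20], HISTS, LABELS, ALPHA, BIAS))   # unseen benign
```

Because the kernel only sums bin-wise overlap, two samples whose instruction mix is similar score close to 1 even when their byte sequences differ, which is why a histogram representation suits mutated variants.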
