Graph embedding as a new approach for unknown malware detection

Malware is any type of computer program which is developed to harm computers, networks, and information. Noticeable growth of malware development has made computer and network security a significant and challenging area in recent years. There is an intensive competition between malwares and antiviru...

Full description

Saved in:
Bibliographic Details
Published inJournal of Computer Virology and Hacking Techniques Vol. 13; no. 3; pp. 153 - 166
Main Authors Hashemi, Hashem, Azmoodeh, Amin, Hamzeh, Ali, Hashemi, Sattar
Format Journal Article
LanguageEnglish
Published Paris Springer Paris 01.08.2017
Springer Nature B.V
Subjects
Anti-virus software
Classifiers
Computer Science
Computer viruses
Computers
Cybersecurity
Eigenvalues
Eigenvectors
Iterative methods
Machine learning
Malware
Original Paper
Support vector machines
Graph embedding
Malware detection
Computer security
Power iteration
Machine learning
Online AccessGet full text

Cover

More Information
Summary:Malware is any type of computer program which is developed to harm computers, networks, and information. Noticeable growth of malware development has made computer and network security a significant and challenging area in recent years. There is an intensive competition between malwares and antiviruses. Malware authors make every effort to develop new harmful codes using various programming tricks and exploits which are unseen for detection techniques. On the other hand, antivirus developers upgrade their methods and algorithms to recognize unknown malware. Therefore, an accurate and rapid detection method is an irrefutable demand in computer security area. This paper proposes a new malware detection method based on the OpCodes within an executable file. Proposed method generates a graph of operational codes (OpCode) within an executable file and then embeds this graph into eigenspace using “Power Iteration” method. This will help us represent an executable file as a linear combination of eigenvectors proportionate to their eigenvalues, which is beneficial to train machine learning classifiers such as k-nearest neighbor (KNN) and support vector machine (SVM). The main advantages of our proposed method are high detection rate despite utilizing simple classifiers like KNN, acceptable computational complexity even in large scale datasets against rival methods, and low false positive rate.
ISSN:2263-8733
2263-8733
DOI:10.1007/s11416-016-0278-y