Using Chi-Square test and heuristic search for detecting metamorphic malware

Bibliographic Details
Published in 2015 First International Conference on New Technologies of Information and Communication (NTIC) pp. 1 - 4
Main Authors Belaoued, Mohamed; Mazouzi, Smaine; Noureddine, Seddari; Salah, Bougueroua
Format Conference Proceeding
Language English
Published IEEE 01.11.2015
Summary: In this paper, we introduce our method for metamorphic malware detection (i.e. malware variants), which is based on the analysis of the PE (Portable Executable) Header information (PEH). We propose an efficient hybrid Filter-Wrapper feature reduction and selection method that uses a combination of the Chi-Square test (KHI2) and the Greedy Hill Climbing search algorithm (GHC). The KHI2 is first applied to reduce the number of obtained PEH features by removing the irrelevant ones, and then the GHC is used to select the most relevant feature subset that will have a high contribution in the decision process. This will improve the accuracy and considerably reduce the processing time. We conducted a set of experiments on a dataset composed of 10 different malware families and a set of benign programs. The obtained results were very satisfactory, since we were able to achieve more than 97% accuracy using only 1% of the initially extracted features.
ISBN: 9781467366847, 1467366846
DOI: 10.1109/NTIC.2015.7368758