Malware cases are increasing both in numbers and fatality. Hackers design malware to compromise systems security mostly confidentiality, integrity, and availability. Malware elimination techniques exist but the malware must be detected first. Malware detection techniques still have weaknesses of high false positive/negatives rates. The emergency of polymorphic malware has made the situation worse. Recent studies have shown data mining to be promising in identifying malware by analyzing API calls. However, in this approach, a file is detected as malicious or not. It is not classified on to which malware class it belongs. This makes its elimination harder as elimination schemes are mostly class based. Classification as a post detection process is important if the malware is to be eliminated from the system. We experiment on the use of data mining approach to classify malware using 4-gram API system calls. We use Windows Portable Executables (PE) with their corresponding API calls. Using the Cuckoo sandbox. Relevant 4-gram API call features are extracted using Term Frequency-Inverse Document Frequency(TF-IDF). Machine Learning algorithms are then applied to classify the malware.
Erscheinungsdatum: 12.06.2016Medium: BuchEinband: GebundenTitel: Machine Learning in Evolution StrategiesAutor: Kramer, OliverVerlag: Springer-Verlag GmbH // Springer International Publishing AGSprache: EnglischSchlagworte: Data Mining // EDV // In
Erscheinungsdatum: 06/2014Medium: BuchEinband: GebundenTitel: Neural Networks and Statistical LearningAutor: Du, Ke-Lin // Swamy, M. N. S.Verlag: Springer-Verlag GmbH // Springer LondonSprache: EnglischSchlagworte: Data Mining // EDV // Mustererken