Abstract
Due to the rapid growth of targeted malware attacks, malware analysis and family classification matter for every kind of user: personal, enterprise, and government. Traditional signature-based detection and anti-virus systems fail to assign new variants of unknown malware to their corresponding families. We therefore propose a malware family classification system for 11 malicious families that extracts their prominent API-call features from the reports of an enhanced and scalable version of the Cuckoo sandbox. The proposed system also contributes a feature extraction algorithm together with a feature reduction and representation procedure for identifying and encoding the extracted feature attributes. Random Forest (RF), K-Nearest Neighbor (KNN), and Decision Table (DT) multi-class machine learning classifiers are used to classify the different types of malicious software; the RF and KNN classifiers achieve the highest accuracy, 95.8%, in malware family classification.
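The pipeline the abstract describes (API-feature extraction from sandbox reports, feature reduction, binary feature representation, and a multi-class classifier) can be illustrated end to end. The following Python is an added example written for this page, not the authors' code: it assumes the Cuckoo 2.x JSON report layout (behavior.processes[].calls[].api), uses a hand-written k-NN over Hamming distance in place of the paper's Weka classifiers, and every "report" and family label in it is constructed for illustration rather than taken from real samples.

```python
"""Added example (not the paper's code): API-feature extraction from
Cuckoo-style JSON reports, feature reduction, binary representation, and a
k-NN family classifier. Report layout assumed: behavior.processes[].calls[].api
(Cuckoo 2.x). All samples below are constructed, not real malware traces."""
import json
from collections import Counter


def build_report(api_calls):
    """Wrap a flat list of API names in a minimal Cuckoo-like JSON report (constructed)."""
    return json.dumps({"behavior": {"processes": [
        {"process_name": "sample.exe", "calls": [{"api": a} for a in api_calls]}]}})


# Constructed training corpus: family label -> raw JSON reports. LdrLoadDll and
# NtClose appear in every sample on purpose, to show feature reduction at work.
TRAINING = {
    "ransomware": [
        build_report(["NtCreateFile", "NtWriteFile", "CryptEncrypt", "DeleteFileW",
                      "LdrLoadDll", "NtClose"]),
        build_report(["NtCreateFile", "NtWriteFile", "CryptEncrypt", "CryptGenKey",
                      "LdrLoadDll", "NtClose"]),
    ],
    "downloader": [
        build_report(["InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "NtWriteFile",
                      "CreateProcessInternalW", "LdrLoadDll", "NtClose"]),
        build_report(["InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "NtCreateFile",
                      "CreateProcessInternalW", "LdrLoadDll", "NtClose"]),
    ],
    "keylogger": [
        build_report(["SetWindowsHookExW", "GetAsyncKeyState", "NtWriteFile", "RegSetValueExW",
                      "LdrLoadDll", "NtClose"]),
        build_report(["SetWindowsHookExW", "GetKeyState", "NtCreateFile", "RegSetValueExW",
                      "LdrLoadDll", "NtClose"]),
    ],
}


def extract_api_features(report_json):
    """Feature extraction: the set of distinct API names called by any process."""
    report = json.loads(report_json)
    apis = set()
    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            if "api" in call:
                apis.add(call["api"])
    return apis


def build_vocabulary(feature_sets, min_df=1, max_df_ratio=1.0):
    """Feature reduction: keep APIs seen in at least min_df samples and in at most
    max_df_ratio of all samples. An API every sample calls (loader/handle
    housekeeping) cannot separate families, so it is dropped."""
    df = Counter(api for fs in feature_sets for api in fs)
    n = len(feature_sets)
    return sorted(api for api, c in df.items() if c >= min_df and c / n <= max_df_ratio)


def vectorize(apis, vocab):
    """Feature representation: binary presence vector over the vocabulary."""
    return [1 if api in apis else 0 for api in vocab]


def train(training):
    """Build the vocabulary and the labelled vector set from the training corpus."""
    feature_sets, labels = [], []
    for family, reports in training.items():
        for r in reports:
            feature_sets.append(extract_api_features(r))
            labels.append(family)
    vocab = build_vocabulary(feature_sets, min_df=1, max_df_ratio=0.9)
    return vocab, [(vectorize(fs, vocab), lab) for fs, lab in zip(feature_sets, labels)]


def knn_classify(report_json, vocab, model, k=3):
    """k-NN over Hamming distance with majority vote; a vote tie goes to the
    label that owns the nearest neighbour."""
    vec = vectorize(extract_api_features(report_json), vocab)
    scored = sorted((sum(a != b for a, b in zip(vec, v)), label) for v, label in model)
    votes = Counter(label for _, label in scored[:k])
    best = max(votes.values())
    for _, label in scored[:k]:
        if votes[label] == best:
            return label


if __name__ == "__main__":
    vocab, model = train(TRAINING)
    unseen = build_report(["NtCreateFile", "NtWriteFile", "CryptEncrypt", "CryptGenKey",
                           "DeleteFileW", "LdrLoadDll", "NtClose"])
    print("vocabulary:", vocab)
    print("predicted family:", knn_classify(unseen, vocab, model))
```

With the constructed corpus the reduction step discards LdrLoadDll and NtClose, leaving 13 discriminating APIs, and the unseen sample (a mix of the two ransomware traces) lands at Hamming distance 1 from both ransomware vectors and 7 or more from every other family. On a real corpus the vocabulary runs to hundreds of APIs and min_df should be raised so that one-off API names from a single sample do not inflate the vector.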
© 2019 Springer Nature Singapore Pte Ltd.
Cite this paper
San, C.C., Thwin, M.M.S., Htun, N.L. (2019). Malicious Software Family Classification using Machine Learning Multi-class Classifiers. In: Alfred, R., Lim, Y., Ibrahim, A., Anthony, P. (eds) Computational Science and Technology. Lecture Notes in Electrical Engineering, vol 481. Springer, Singapore. https://doi.org/10.1007/978-981-13-2622-6_41
DOI: https://doi.org/10.1007/978-981-13-2622-6_41
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-2621-9
Online ISBN: 978-981-13-2622-6
eBook Packages: Engineering (R0)