No Access

Department of Computer Science and Engineering, Alagappa Chettiar Government College of Engineering and Technology, Karaikudi, Tamilnadu, India

Corresponding author.

Search for more papers by this author

and

K. Sundara Krishnan

https://orcid.org/0000-0003-4290-596X

Department of Computer Science and Engineering, Alagappa Chettiar Government College of Engineering and Technology, Karaikudi, Tamilnadu, India

E-mail Address: sundarakrishnank@gmail.com

Search for more papers by this author

https://doi.org/10.1142/S0218194024500086Cited by:0 (Source: Crossref)

Abstract

Cybercriminals motivated by malign purpose and financial gain are rapidly developing new variants of sophisticated malware using automated tools, and most of these malware target Windows operating systems. This serious threat demands efficient techniques to analyze and detect zero-day, polymorphic and metamorphic malware. This paper introduces two frameworks for Windows malware detection using random forest algorithms. The first scheme uses features obtained from static and dynamic analysis for training, and the second scheme uses features obtained from static, dynamic, malware image analysis, location-sensitive hashing and file format inspections. We carried out an extensive experiment on two feature sets, and the proposed schemes are evaluated using seven standard evaluation metrics. The experiment results demonstrate that the second scheme recognizes unseen malware better than the first scheme and three state-of-the-art works. The findings show that the second scheme’s multi-view feature set contributes to its 99.58% accuracy and lowers false positive rate of 0.54%.

Keywords:

References

1. E. Kirda, Malware behavior clustering, in Encyclopedia of Cryptography and Security (Springer, Boston, MA, 2011), pp. 751–752. Crossref, Google Scholar
2. A. Petrosyan, Statistics on annual number of malware attacks worldwide from 2015 to 2022 (2023), https://www.statista.com/statistics/873097/malware-attacks-per-year-worldwide/. Google Scholar
3. J. Singh and J. Singh, A survey on machine learning based malware detection in executable files, J. Syst. Architect. 112 (2021) 101861. Crossref, Web of Science, Google Scholar
4. A. Hussain, M. Asif, M. B. Ahmad, T. Mahmood and M. A. Raza, Malware detection using machine learning algorithms for windows platform, in Proc. Int. Conf. Information Technology and Applications, Lecture Notes in Networks and Systems, Vol. 350 (Springer, Singapore, 2022), pp. 619–632. Crossref, Google Scholar
5. A. Kumara and C. D. Jaidhar, Automated multi level malware detection system based on reconstructed semantic view of executables using machine learning techniques at VMM, Fut. Gener. Comput. Syst. 79 (2018) 431–446. Crossref, Web of Science, Google Scholar
6. N. Sharma, R. Sharma and N. Jindal, Machine learning and deep learning applications — A vision, Global Transit. Proc. 2(1) (2021) 24–28. Crossref, Google Scholar
7. S. Ciss, Generalization error and out-of-bag bounds in random forests, HAL open science (2015) hal-01110524v2. Google Scholar
8. A. Damodaran, F. D. Troia, C. A. Visaggio, T. H. Austin and M. Stamp, A comparison of static, dynamic and hybrid analysis for malware detection, J. Comput. Virol. Hack. Tech. 13 (2017) 1–12. Crossref, Google Scholar
9. D. Ucci, L. Aniello and R. Baldoni, Survey of machine learning techniques for malware analysis, Comput. Sec. 81 (2019) 123–147. Crossref, Web of Science, Google Scholar
10. O. Or-Meir, N. Nissim, Y. Elovici and L. Rokach, Dynamic malware analysis in the modern era — A state of the art survey, ACM Comput. Surv. 52(5) (2019) 1–48. Crossref, Web of Science, Google Scholar
11. T. Panker and N. Nissim, Leveraging malicious behavior traces from volatile memory using machine learning methods for trusted unknown malware detection in Linux cloud environments, Knowl.-Based Syst. 226(4) (2021) 107095. Crossref, Google Scholar
12. E. Ameer, I. Zelinka and S. El-Sappagh, A multi-perspective malware detection approach through behavioral fusion of API call sequence, Comput. Sec. 110 (2021) 102449. Crossref, Web of Science, Google Scholar
13. A. Kamboj, P. Kumar, A. K. Bairawa and S. Joshi, Detection of malware in downloaded files using various machine learning models, Egypt. Inform. J. 24(1) (2023) 81–94. Crossref, Web of Science, Google Scholar
14. Y. Zhao, B. Bo, Y. Feng, C. Y. Xu and B. Yu, A feature extraction method of hybrid gram for malicious behavior based on machine learning, Sec. Commun. Netw. 2019(2) (2019) 1–8. Google Scholar
15. A. Kumar, K. S. Kuppusamy and G. Aghila, A learning model to detect maliciousness of portable executable using integrated feature set, J. King Saud Univ.-Comput. Inf. Sci. 31 (2019) 252–265. Google Scholar
16. I. Shhadat, B. Bataineh, A. Hayajneh and Z. A. Al-Sharif, The use of machine learning techniques to advance the detection and classification of unknown malware, Procedia Comput. Sci. 170 (2020) 917–922. Crossref, Google Scholar
17. S. Sharma, C. R. Krishna and S. K. Sahay, Detection of advanced malware by machine learning techniques, Soft Comput. Theor. Appl. 742 (2018) 332–342. Google Scholar
18. N. T. Nguyen, T. X. Dang, M. S. Dao and D. T. D. Nguyen, Malware detection using system logs, in Proc. of the 2020 ACM Workshop on Intelligent Cross-Data Analysis and Retrival, 2020, pp. 9–14. Crossref, Google Scholar
19. T. Wuchner, M. Ochoa and A. Pretschner, Malware detection with quantitative data flow graphs, in Proc. 9th ACM Symposium on Information, Computer and Communications Security, 2014, pp. 271–282. Crossref, Google Scholar
20. Y. Zhang, Z. Liu and Y. Jiang, The classification and detection of malware using soft relevance evaluation, IEEE. Trans. Reliab. 71(1) (2022) 309–320. Crossref, Web of Science, Google Scholar
21. S. Das, Y. Liu, W. Zhang and M. Chandramohan, Semantics-based online malware detection: Towards efficient real-time protection against malware, IEEE. Trans. Inf. Forensics Sec. 11(2) (2016) 289–302. Crossref, Web of Science, Google Scholar
22. N. Chawla, H. Kumar and S. Mukhopadhyay, Machine learning in wavelet domain for electromagnetic emission based malware analysis, IEEE Trans. Inf. Forensics Sec. 16 (2021) 3426–3441. Crossref, Web of Science, Google Scholar
23. J. Pavithra and S. Selvakumarasamy, An adaptive-feature centric XGBoost ensemble classifier model for improved malware detection and classification, J. Cyber Sec. 4(3) (2023) 135–151. Crossref, Google Scholar
24. R. Casolare, G. Ciramella, G. Iadarola, F. Martinelli, F. Mercaldo, A. Santone and M. Tommasone, On the resilience of shallow machine learning classification in image based malware detection, Procedia Comput. Sci. 207 (2022) 145–157. Crossref, Google Scholar
25. Bai and J. Wang, Improving malware detection using multi-view ensemble learning, Sec. Commun. Netw. 9(17) (2016) 4227–4241. Crossref, Web of Science, Google Scholar
26. J. Drew, M. Hashler and T. Moore, Polymorphic malware detection using sequence classification methods and ensembles, EURASIP J. Inf. Sec. 2017 (2017) 2. Crossref, Google Scholar
27. M. Chemmakha, O. Habibi and M. Lazaar, Improving machine learning models for malware detection using embedded feature selection method, IFAC-PapersOnLine 55(12) (2022) 771–776. Google Scholar
28. J. Zhang, CLEMENT: Machine learning methods for malware recognition based on semantic behaviours, in Int. Conf. on Computer Information and Big Data Applications, (CIBDA). 2020, pp. 233–236. Crossref, Google Scholar
29. Z. Xu, C. Wen, S. Qin and Z. Ming, Effective malware detection based on behaviour and data features, in Smart Computing and Communication, Lecture Notes in Computer Science, Vol. 10699 (Springer, Cham, 2018), pp. 53–66. Crossref, Google Scholar
30. L. Breiman, Random forests, Mach. Learn. 45 (2001) 5–32. Crossref, Web of Science, Google Scholar
31. L. Breiman, Bagging predictors, Mach. Learn. 24 (1996) 123–140. Crossref, Web of Science, Google Scholar
32. T. K. Ho, The random subspace method for constructing decision forests, IEEE. Trans. Pattern Anal. Mach. Intell. 20(8) (1998) 832–844. Crossref, Web of Science, Google Scholar
33. S. Qaiser and R. Ali, Text mining: Use of TF-IDF to examine the relevance of words to documents, Int. J. Comput. Appl. 181(1) (2018) 25–29. Crossref, Google Scholar
34. J. Oliver and J. Hagen, Designing the elements of a fuzzy hashing scheme, in IEEE 19th Int. Conf. Embedded and Ubiquitous Computing (EUC), 2021, pp. 1–6. Crossref, Google Scholar
35. J. J. Oliver, C. F. Cheng and Y. Chen, TLSH - A locality sensitive hash, in Fourth Cybercrime and Trustworthy Computing Workshop (2013), pp. 7–13. Crossref, Google Scholar
36. K. S. Krishnan, B. Jaison and S. P. Raja, An efficient novel color image encryption algorithm based on 3D Lü chaotic dynamical system and SHA-512, Int. J. Wavelets Multires. Inf. Process. 18(5) (2020) 2050042. Link, Web of Science, Google Scholar
37. D. Bilar, Opcodes as predictor for malware, Int. J. Electron. Sec. Digital Forensics 1(2) (2007) 156–168. Crossref, Google Scholar
38. J. Ferguson and D. Kaminsky, Reverse Engineering Code with IDA Pro (Syngress, 2008). Google Scholar
39. M. Raabe and W. Ballenthin, Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS) (2016), https://www.mandiant.com/resources/blog/automatically-extracting-obfuscated-strings. Google Scholar
40. T. Ojala, M. Pietikainen and D. Harwood, A comparative study of texture measures with classification based on feature distributions, Pattern Recognit. 29(1) (1996) 51–59. Crossref, Web of Science, Google Scholar
41. T. Ojala, M. Pietikainen and T. Maenpaa, Multiresolution gray scale and rotation invariant texture classification with local binary patterns, IEEE. Trans. Pattern Anal. Mach. Intell. 24(7) (2002) 971–987. Crossref, Web of Science, Google Scholar
42. L. Wang, Texture classification using texture spectrum, Pattern Recognit. 23(8) (1990) 905–910. Crossref, Web of Science, Google Scholar
43. A. Rácz, D. Bajusz and K. Héberger, Multi-level comparison of machine learning classifiers and their performance metrics, Molecules 24(15) (2019) 2811. Crossref, Web of Science, Google Scholar