
Malware Detection Using a Heterogeneous Distance Function

In: Computing and Informatics, vol. 37, no. 3
M. Jureček - R. Lórencz

Details:

Year, pages: 2018, 759 - 780
Language: eng
Keywords:
Malware detection system, feature selection, similarity measure, k-nearest neighbors classifier, partitioning around medoids
About article:
Classification of automatically generated malware is an active research area. The amount of new malware is growing exponentially, and since manual investigation is not possible, automated malware classification is necessary. In this paper, we present a static malware detection system for the detection of unknown malicious programs which is based on a combination of the weighted k-nearest neighbors classifier and the statistical scoring technique from [12]. We have extracted the most relevant features from the portable executable (PE) file format using gain ratio and have designed a heterogeneous distance function that can handle both linear and nominal features. Our proposed detection method was evaluated on a dataset with tens of thousands of malicious and benign samples, and the experimental results show that the accuracy of our classifier is 98.80 %. In addition, preliminary results indicate that the proposed similarity metric on our feature space could be used for clustering malware into families.
How to cite:
ISO 690:
Jureček, M., Lórencz, R. 2018. Malware Detection Using a Heterogeneous Distance Function. In Computing and Informatics, vol. 37, no. 3, pp. 759-780. 1335-9150. DOI: https://doi.org/10.4149/cai_2018_3_759

APA:
Jureček, M., Lórencz, R. (2018). Malware Detection Using a Heterogeneous Distance Function. Computing and Informatics, 37(3), 759-780. 1335-9150. DOI: https://doi.org/10.4149/cai_2018_3_759
About edition:
Publisher: Ústav informatiky SAV
Published: 26. 7. 2018