Intelligent OS X malware threat detection with code inspection

HaddadPajouh, H, Dehghantanha, A (ORCID: https://orcid.org/0000-0002-9294-7554), Khayami, R and Choo, RKK 2017, 'Intelligent OS X malware threat detection with code inspection', Journal of Computer Virology and Hacking Techniques, 14 (3), pp. 213-223.

PDF - Published Version. Available under License Creative Commons Attribution 4.0. Download (1MB)
PDF - Accepted Version. Restricted to Repository staff only. Download (1MB)

Abstract

With the increasing market share of the Mac OS X operating system, there is a corresponding increase in the number of malicious programs (malware) designed to exploit vulnerabilities on Mac OS X platforms. However, existing manual and heuristic OS X malware detection techniques are not capable of coping with such a high rate of malware. While machine learning techniques offer promising results in the automated detection of Windows and Android malware, there have been limited efforts to extend them to OS X malware detection. In this paper, we propose a supervised machine learning model. The model applies a kernel-based Support Vector Machine (SVM) and a novel weighting measure based on application library calls to detect OS X malware. For training and evaluating the model, a dataset combining 152 malware and 450 benign samples is created. Using common supervised machine learning algorithms on the dataset, we obtain over 91% detection accuracy with a 3.9% false alarm rate. We also utilize the Synthetic Minority Over-sampling Technique (SMOTE) to create three synthetic datasets with different distributions, based on the refined version of the collected dataset, to investigate the impact of different sample sizes on the accuracy of malware detection. Using the SMOTE datasets we achieve over 96% detection accuracy and a false alarm rate of less than 4%. All malware classification experiments are tested using cross validation. Our results show that increasing the sample size in synthetic datasets has a direct positive effect on detection accuracy while also increasing the false alarm rate compared to the original dataset.
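The pipeline the abstract describes (library-call features, a weighting measure, SMOTE oversampling at several sizes, cross-validated evaluation with accuracy and false alarm rate) is shown end to end in the added example below. It is not the paper's code: the library-call feature names and the per-binary counts are constructed, the weighting is a TF-IDF-style inverse-document-frequency factor assumed in place of the paper's own measure, and a nearest-centroid classifier stands in for the kernel SVM so that the block runs with the standard library alone. The one point a practitioner should take from it is where the oversampling happens: SMOTE and the feature weights are fitted inside each training fold, never on the held-out fold, otherwise synthetic points interpolated from test binaries leak into training and the reported accuracy is optimistic.

```python
"""Library-call counts -> IDF weighting -> SMOTE inside CV folds -> accuracy / false alarms."""
import math
import random

# Assumed library-call feature names; the paper does not list its features.
LIB_CALLS = ["_dlopen", "_system", "_fork", "_NSLog", "_objc_msgSend"]

# Constructed per-binary call counts (one row per binary, one column per call in LIB_CALLS).
MALWARE = [[3, 2, 1, 0, 5], [4, 1, 2, 0, 6], [2, 3, 1, 1, 4],
           [5, 2, 0, 0, 7], [3, 3, 2, 0, 5], [4, 2, 1, 1, 6]]
BENIGN = [[0, 0, 0, 4, 9], [1, 0, 0, 5, 8], [0, 0, 0, 3, 10], [0, 1, 0, 6, 9],
          [0, 0, 0, 4, 11], [1, 0, 0, 2, 8], [0, 0, 0, 5, 12], [0, 0, 1, 4, 9],
          [0, 0, 0, 3, 9], [1, 0, 0, 4, 10], [0, 0, 0, 5, 9], [0, 1, 0, 3, 11]]


def idf_weights(rows):
    """Per-call inverse-document-frequency factor: a call present in almost every binary
    (e.g. _objc_msgSend) gets weight ~1, a rare call gets more. This TF-IDF-style factor
    is an assumed stand-in for the paper's weighting measure."""
    n = len(rows)
    df = [sum(1 for r in rows if r[j] > 0) for j in range(len(rows[0]))]
    return [math.log((1 + n) / (1 + d)) + 1 for d in df]


def apply_weights(rows, idf):
    return [[c * w for c, w in zip(r, idf)] for r in rows]


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def smote(minority, n_synthetic, k=3, seed=0):
    """SMOTE: each synthetic point lies on the segment between a random minority point
    and one of its k nearest minority neighbours, so it stays inside the minority hull."""
    if n_synthetic and len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    rng = random.Random(seed)
    k = min(k, len(minority) - 1)
    out = []
    for _ in range(n_synthetic):
        base = rng.choice(minority)
        nbrs = sorted((p for p in minority if p is not base),
                      key=lambda p: euclid(base, p))[:k]
        nb = rng.choice(nbrs)
        frac = rng.random()
        out.append([b + frac * (m - b) for b, m in zip(base, nb)])
    return out


def stratified_folds(y, n_folds=3, seed=0):
    """Deal each class's indices round-robin into folds so every fold keeps the class ratio."""
    rng = random.Random(seed)
    folds = [[] for _ in range(n_folds)]
    for label in (0, 1):
        idx = [i for i, v in enumerate(y) if v == label]
        rng.shuffle(idx)
        for pos, i in enumerate(idx):
            folds[pos % n_folds].append(i)
    return folds


def fit_centroids(X, y):
    """Nearest-centroid classifier: a deliberately simple stand-in for the kernel SVM."""
    cents = {}
    for label in (0, 1):
        rows = [x for x, v in zip(X, y) if v == label]
        cents[label] = [sum(col) / len(rows) for col in zip(*rows)]
    return cents


def predict(cents, x):
    return min(cents, key=lambda label: euclid(cents[label], x))


def cross_validate(malware, benign, ratio=1.0, n_folds=3, seed=0):
    """Oversample malware to ratio * (#benign) inside each training fold only, fit the
    weights and centroids on that fold, and score the held-out fold."""
    X_raw = malware + benign
    y = [1] * len(malware) + [0] * len(benign)
    correct = total = false_alarms = benign_seen = 0
    for test in stratified_folds(y, n_folds, seed):
        train = [i for i in range(len(y)) if i not in test]
        mal = [X_raw[i] for i in train if y[i] == 1]
        ben = [X_raw[i] for i in train if y[i] == 0]
        extra = max(0, int(round(ratio * len(ben))) - len(mal))
        mal = mal + smote(mal, extra, seed=seed)      # synthetic rows from training malware only
        idf = idf_weights(mal + ben)                  # weights fitted on training rows only
        cents = fit_centroids(apply_weights(mal + ben, idf),
                              [1] * len(mal) + [0] * len(ben))
        for i in test:
            pred = predict(cents, apply_weights([X_raw[i]], idf)[0])
            total += 1
            correct += pred == y[i]
            if y[i] == 0:
                benign_seen += 1
                false_alarms += pred == 1            # benign flagged as malware
    return {"accuracy": correct / total,
            "false_alarm_rate": false_alarms / benign_seen,
            "train_malware_per_fold": len(mal)}


if __name__ == "__main__":
    for ratio in (0.5, 1.0, 2.0):   # three synthetic set sizes, as the abstract describes
        print(ratio, cross_validate(MALWARE, BENIGN, ratio=ratio))
```

Running the block prints the cross-validated accuracy and false alarm rate for three oversampling ratios. On real feature extraction the counts would come from the imported-symbol table of each Mach-O binary; the fold structure, the fit-on-train-only rule for both SMOTE and the weighting, and the separate false-alarm figure carry over unchanged to whatever classifier replaces the centroid stand-in.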

Item Type: Article
Schools: Schools > School of Computing, Science and Engineering > Salford Innovation Research Centre
Journal or Publication Title: Journal of Computer Virology and Hacking Techniques
Publisher: Springer
ISSN: 2274-2042
Related URLs:
Funders: European Council International Incoming Fellowship
Depositing User: Dr. Ali Dehghantanha
Date Deposited: 18 Oct 2017 08:28
Last Modified: 15 Feb 2022 22:33
URI: https://usir.salford.ac.uk/id/eprint/44069
