Classifying advanced malware into families based on instruction link analysis

Tabatabaei, SA 2018, Classifying advanced malware into families based on instruction link analysis, MPhil thesis, University of Salford.

PDF - Submitted Version
Restricted to Repository staff only until 14 December 2020.

Abstract

With the ever-increasing growth of network resources, a great number of organizations are extremely dependent on the internet for operational activities, exposing their sensitive and confidential information to intrusion by saboteurs and to corporate theft, and leaving them vulnerable. This has led to the rapid growth of highly complex malware that circumvents many of the security assets meant to keep sensitive organizational data safe. The development of such complex malware, for example Advanced Persistent Threats (APTs), has become a major threat in today’s computing world. An APT is customized for a specific target and can be subtly altered to avoid detection. APT attacks are therefore considered a serious problem whose devastating effects cannot be overemphasized.

To combat this propagation, malware analysers have employed Machine Learning and Data Mining techniques, or a combination of both, to automatically spot malicious files. Many feature engineering approaches have been explored to improve the performance of detection/classification systems. If a feature engineering approach provides sufficient information about the malware type for clustering purposes, this indicates the possibility of developing a learning method that performs better. From a machine learning perspective, there are motivations for incorporating feature selection into data classification. The main focus of this research is on the static analysis approach. To find the dominant features in one malware family, experiments with association, link analysis, and segmentation algorithms are carried out. The model is run on a publicly available dataset on Kaggle and GitHub. The experimental data gave supportive validation of the proposed feature selection model using a Gaussian Mixture Model in the R environment.

Item Type: Thesis (MPhil)
Contributors: Saraee, MH (Supervisor)
Schools: Schools > School of Computing, Science and Engineering
Depositing User: SAEEDEH Alsadat tabatabaei
Date Deposited: 18 Dec 2018 15:11
Last Modified: 18 Dec 2018 15:11
URI: http://usir.salford.ac.uk/id/eprint/49520
