A hybrid model to detect malicious executables

Mohammad M. Masud, Latifur Khan, Bhavani Thuraisingham

Research output: Chapter in Book/Report/Conference proceedingConference contribution

42 Citations (Scopus)

Abstract

We present a hybrid data mining approach to detect malicious executables. In this approach we identify important features of the malicious and benign executables. These features are used by a classifier to learn a classification model that can distinguish between malicious and benign executables. We construct a novel combination of three different kinds of features: binary n-grams, assembly n-grams, and library function calls. Binary features are extracted from the binary executables, whereas assembly features are extracted from the disassembled executables. The function call features are extracted from the program headers. We also propose an efficient and scalable feature extraction technique. We apply our model on a large corpus of real benign and malicious executables. We extract the abovementioned features from the data and train a classifier using Support Vector Machine. This classifier achieves a very high accuracy and low false positive rate in detecting malicious executables. Our model is compared with other feature-based approaches, and found to be more efficient in terms of detection accuracy and false alarm rate.

Original languageEnglish
Title of host publication2007 IEEE International Conference on Communications, ICC'07
Pages1443-1448
Number of pages6
DOIs
Publication statusPublished - Dec 1 2007
Externally publishedYes
Event2007 IEEE International Conference on Communications, ICC'07 - Glasgow, Scotland, United Kingdom
Duration: Jun 24 2007Jun 28 2007

Publication series

NameIEEE International Conference on Communications
ISSN (Print)0536-1486

Other

Other2007 IEEE International Conference on Communications, ICC'07
Country/TerritoryUnited Kingdom
CityGlasgow, Scotland
Period6/24/076/28/07

Keywords

  • Disassembly
  • Feature extraction
  • Malicious executable
  • N-gram analysis

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'A hybrid model to detect malicious executables'. Together they form a unique fingerprint.

Cite this