Conference: Computer Science and Electronic Engineering Conference

Accuracy Improved Malware Detection Method using Snort Sub-signatures and Machine Learning Techniques

Abstract

Malware is a major computer security concern, as many computing systems are connected to the Internet. The amount of malware has increased over the years, and new malware emerges daily. These new malware variants are capable of evading conventional system detection through obfuscation. One of the promising methods used to detect malware is machine learning (ML). This work presents a static malware detection system using n-gram and machine learning techniques. Known malware sub-signatures are then developed to reduce the large feature search spaces that are generated by n-gram feature extraction methods. The feature space directly affects the performance and the detection accuracy of malware ML classifiers. An analysis of multiple feature selection methods to minimize the number of features, and an analysis of multiple ML classifiers, are also developed to improve the malware detection accuracy. The results show that analyzing n-grams with Snort sub-signature features using machine learning may produce a good malware detection accuracy of more than 99.78%, a processing time for the optimum SVM classifier minimized down to 5 sec. for all of the data set, and zero FPR when 4-gram features are applied, for most of the verified ML classifiers.
