Automated malware recognition method based on local neighborhood binary pattern

摘要

Malware recognition has been widely used in the literature. One of the malware recognition methods is the byte code based methods. These methods generally use image processing and machine learning methods together to recognize malware. In this article, a novel byte code based malware recognition method is presented, and it consists of feature extraction using the proposed local neighborhood binary pattern (LNBP), feature concatenation, feature selection with neighborhood component analysis (NCA), feature reduction using principal component analysis (PCA) and classification using linear discriminant analysis. A heterogeneous and mostly used byte-based malware dataset (Maligm) was chosen to evaluate the performance of the proposed LNBP based recognition method. The best accuracy rate was equal to 89.40%. The proposed LNBP based method was also compared to the state-of-art deep learning methods, and it achieved a higher success rate than them. These results clearly demonstrate prove the success of the proposed LNBP based method.