Support Vector Machine Integrated with game-theoretic approach and genetic algorithm for the detection and classification of malware

摘要

Abstract.—In the modern world, a rapid growth of mali-cious software production has become one of the most signifi-cant threats to the network security. Unfortunately, widespreadsignature-based anti-malware strategies can not help to detectmalware unseen previously nor deal with code obfuscation tech-niques employed by malware designers. In our study, the problemof malware detection and classification is solved by applying adata-mining-based approach that relies on supervised machine-learning. Executable files are presented in the form of byte andopcode sequences and n-gram models are employed to extractessential features from these sequences. Feature vectors obtainedare classified with the help of support vector classifiers integratedwith a genetic algorithm used to select the most essential features,and a game-theory approach is applied to combine the classifierstogether. The proposed algorithm, ZSGSVM, is tested by using aset of byte and opcode sequences obtained from a set containingexecutable files of benign software and malware. As a result,almost all malicious files are detected while the number of falsealarms remains very low.