Allan Ninyesiga, John Ngubiri

Behavioral Malware Detection by Data Mining

• Broschiertes Buch

Produktbeschreibung

Malware cases are increasing both in numbers and fatality. Hackers design malware to compromise systems security mostly confidentiality, integrity, and availability. Malware elimination techniques exist but the malware must be detected first. Malware detection techniques still have weaknesses of high false positive/negatives rates. The emergency of polymorphic malware has made the situation worse. Recent studies have shown data mining to be promising in identifying malware by analyzing API calls. However, in this approach, a file is detected as malicious or not. It is not classified on to which malware class it belongs. This makes its elimination harder as elimination schemes are mostly class based. Classification as a post detection process is important if the malware is to be eliminated from the system. We experiment on the use of data mining approach to classify malware using 4-gram API system calls. We use Windows Portable Executables (PE) with their corresponding API calls. Using the Cuckoo sandbox. Relevant 4-gram API call features are extracted using Term Frequency-Inverse Document Frequency(TF-IDF). Machine Learning algorithms are then applied to classify the malware.

Produktdetails

• Verlag: LAP Lambert Academic Publishing
• Seitenzahl: 96
• Erscheinungstermin: 9. Oktober 2018
• Englisch
• Abmessung: 220mm x 150mm x 6mm
• Gewicht: 161g
• ISBN-13: 9786139923069
• ISBN-10: 6139923069
• Artikelnr.: 54463934

Autorenporträt

Allan Ninyesiga obteve um Mestrado em Informática com uma Especialização em Segurança Informática da Universidade Tecnológica e de Gestão do Uganda em 2017. Devido ao amplo aumento na utilização de Sistemas TIC, Allan tomou um caminho para desafiar aqueles (o malware) que comprometem a segurança dos sistemas por esta investigação.