Classification of Polymorphic Virus Based on Integrated Features

Isredza Rahmi A Hamid (1), Sharmila Subramaniam (2), Zubaile Abdullah (3)
(1) Information Security Interest Group (ISIG), Faculty Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, 86400 Johor, Malaysia
(2) Information Security Interest Group (ISIG), Faculty Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, 86400 Johor, Malaysia
(3) Information Security Interest Group (ISIG), Faculty Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, 86400 Johor, Malaysia
How to cite (IJASEIT):
A Hamid, Isredza Rahmi, et al. “Classification of Polymorphic Virus Based on Integrated Features”. International Journal on Advanced Science, Engineering and Information Technology, vol. 8, no. 6, Dec. 2018, pp. 2577-83, doi:10.18517/ijaseit.8.6.5045.
Standard virus classification relies on the virus function, a small number of bytes written in assembly language. The problem addressed here is that current malware intrusion detection and prevention systems have difficulty detecting unknown and multipath polymorphic computer viruses when they rely solely on either static or dynamic features. This paper therefore presents an effective and efficient polymorphic virus classification technique based on integrated features. The integrated features are selected from the static and dynamic features according to their Information Gain (IG) rank value. All datasets are then tested on Naïve Bayes and Random Forest classifiers. We extracted 49 features from 700 polymorphic computer virus samples from Netherland Net Lab and VXHeaven, which include benign and polymorphic virus functions. We split the dataset 60:40 for training and testing respectively. Our proposed integrated features achieve 98.9% accuracy.
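The feature-selection step the abstract describes, written as an added example rather than the authors' code: Information Gain is computed for each binary feature against the benign/polymorphic label, the static and dynamic features are ranked together, and the top-k become the integrated set. The feature names and the eight sample vectors are constructed for illustration; the paper's own 49 features are not reproduced here.

```python
import math
from collections import Counter

# Constructed data (hypothetical names): each row is one executable with binary
# static features (seen in the code) and dynamic features (seen at run time),
# labelled 1 = polymorphic virus, 0 = benign.
FEATURES = ["static:self_modifying_loop", "static:xor_decrypt_stub",
            "static:has_resources", "dynamic:writes_own_image",
            "dynamic:creates_mutex", "dynamic:opens_file"]
SAMPLES = [  # (feature vector, label)
    ([1, 1, 0, 1, 0, 1], 1),
    ([1, 0, 1, 1, 1, 1], 1),
    ([0, 1, 0, 1, 0, 0], 1),
    ([1, 1, 1, 1, 1, 1], 1),
    ([0, 0, 1, 0, 1, 1], 0),
    ([0, 0, 1, 0, 0, 1], 0),
    ([0, 1, 0, 0, 1, 0], 0),
    ([0, 0, 1, 0, 0, 1], 0),
]

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(samples, idx):
    """IG of feature idx: H(label) - sum over v of p(v) * H(label | feature = v)."""
    labels = [y for _, y in samples]
    gain = entropy(labels)
    for value in (0, 1):
        subset = [y for x, y in samples if x[idx] == value]
        if subset:  # skip values that never occur
            gain -= len(subset) / len(samples) * entropy(subset)
    return gain

def rank_features(samples, names):
    """(name, IG) pairs sorted by descending information gain, static and dynamic together."""
    ranked = [(name, information_gain(samples, i)) for i, name in enumerate(names)]
    return sorted(ranked, key=lambda t: t[1], reverse=True)

def select_integrated(ranked, k):
    """The integrated feature set: the k best-ranked features of either kind."""
    return [name for name, _ in ranked[:k]]

if __name__ == "__main__":
    for name, ig in rank_features(SAMPLES, FEATURES):
        print(f"{name:32s} IG = {ig:.4f}")
    print("integrated top-3:", select_integrated(rank_features(SAMPLES, FEATURES), 3))
```

On this toy set a dynamic feature ranks first and two static ones follow, which is the point of ranking both kinds on one scale before choosing the classifier's input.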

This work is licensed under a Creative Commons Attribution 4.0 International License.