Detecting obfuscated malware using reduced opcode set and optimised runtime trace

Philip O'Kane; Sakir Sezer; Kieran McLaughlin

doi:10.1186/s13388-016-0027-2

Detecting obfuscated malware using reduced opcode set and optimised runtime trace

Philip O'Kane, Sakir Sezer, Kieran McLaughlin

Research output: Contribution to journal › Article › peer-review

751 Downloads (Pure)

Abstract

The research presented, investigates the optimal set of operational codes (opcodes) that create a robust indicator of malicious software (malware) and also determines a program’s execution duration for accurate classification of benign and malicious software. The features extracted from the dataset are opcode density histograms, extracted during the program execution. The classifier used is a support vector machine and is configured to select those features to produce the optimal classification of malware over different program run lengths. The findings demonstrate that malware can be detected using dynamic analysis with relatively few opcodes.

Original language	English
Number of pages	12
Journal	Security Informatics
Volume	5
Issue number	2
Early online date	04 May 2016
DOIs	https://doi.org/10.1186/s13388-016-0027-2
Publication status	Early online date - 04 May 2016

Access to Document

10.1186/s13388-016-0027-2Licence: CC BY

Detecting obfuscated malware using reduced opcode set and optimised runtime trace
© 2016 O’kane et al. This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
Final published version, 2.32 MBLicence: CC BY

Cite this

@article{755b589ca6574425a563f7428db2f18e,

title = "Detecting obfuscated malware using reduced opcode set and optimised runtime trace",

abstract = "The research presented, investigates the optimal set of operational codes (opcodes) that create a robust indicator of malicious software (malware) and also determines a program{\textquoteright}s execution duration for accurate classification of benign and malicious software. The features extracted from the dataset are opcode density histograms, extracted during the program execution. The classifier used is a support vector machine and is configured to select those features to produce the optimal classification of malware over different program run lengths. The findings demonstrate that malware can be detected using dynamic analysis with relatively few opcodes.",

author = "Philip O'Kane and Sakir Sezer and Kieran McLaughlin",

year = "2016",

month = may,

day = "4",

doi = "10.1186/s13388-016-0027-2",

language = "English",

volume = "5",

journal = "Security Informatics",

issn = "2190-8532",

number = "2",

}

TY - JOUR

T1 - Detecting obfuscated malware using reduced opcode set and optimised runtime trace

AU - O'Kane, Philip

AU - Sezer, Sakir

AU - McLaughlin, Kieran

PY - 2016/5/4

Y1 - 2016/5/4

N2 - The research presented, investigates the optimal set of operational codes (opcodes) that create a robust indicator of malicious software (malware) and also determines a program’s execution duration for accurate classification of benign and malicious software. The features extracted from the dataset are opcode density histograms, extracted during the program execution. The classifier used is a support vector machine and is configured to select those features to produce the optimal classification of malware over different program run lengths. The findings demonstrate that malware can be detected using dynamic analysis with relatively few opcodes.

AB - The research presented, investigates the optimal set of operational codes (opcodes) that create a robust indicator of malicious software (malware) and also determines a program’s execution duration for accurate classification of benign and malicious software. The features extracted from the dataset are opcode density histograms, extracted during the program execution. The classifier used is a support vector machine and is configured to select those features to produce the optimal classification of malware over different program run lengths. The findings demonstrate that malware can be detected using dynamic analysis with relatively few opcodes.

U2 - 10.1186/s13388-016-0027-2

DO - 10.1186/s13388-016-0027-2

M3 - Article

VL - 5

JO - Security Informatics

JF - Security Informatics

SN - 2190-8532

IS - 2

ER -

Detecting obfuscated malware using reduced opcode set and optimised runtime trace

Abstract

Access to Document

Fingerprint

Cite this