N-gram density based malware detection

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Citations (Scopus)


N-gram analysis is an approach that investigates the structure of a program using bytes, characters or text strings. This research uses dynamic analysis to investigate malware detection using a classification approach based on N-gram analysis. The motivation for this research is to find a subset of Ngram features that makes a robust indicator of malware. The experiments within this paper represent programs as N-gram density histograms, gained through dynamic analysis. A Support Vector Machine (SVM) is used as the program classifier to determine the ability of N-grams to correctly determine the presence of malicious software. The preliminary findings show that an N-gram size N=3 and N=4 present the best avenues for further analysis.
Original languageEnglish
Title of host publication2014 World Symposium on Computer Applications and Research (WSCAR)
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages6
ISBN (Electronic)9781479928064
ISBN (Print)9781479928057
Publication statusPublished - 20 Jan 2014
EventComputer Applications & Research (WSCAR), 2014 World Symposium on - Tunisia, Sousse, Tunisia
Duration: 18 Jan 201420 Jan 2014


ConferenceComputer Applications & Research (WSCAR), 2014 World Symposium on


Dive into the research topics of 'N-gram density based malware detection'. Together they form a unique fingerprint.

Cite this