N-gram density based malware detection

Philip O'Kane; Sakir Sezer; Kieran McLaughlin

doi:10.1109/WSCAR.2014.6916806

N-gram density based malware detection

Philip O'Kane, Sakir Sezer, Kieran McLaughlin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

14 Citations (Scopus)

Abstract

N-gram analysis is an approach that investigates the structure of a program using bytes, characters or text strings. This research uses dynamic analysis to investigate malware detection using a classification approach based on N-gram analysis. The motivation for this research is to find a subset of Ngram features that makes a robust indicator of malware. The experiments within this paper represent programs as N-gram density histograms, gained through dynamic analysis. A Support Vector Machine (SVM) is used as the program classifier to determine the ability of N-grams to correctly determine the presence of malicious software. The preliminary findings show that an N-gram size N=3 and N=4 present the best avenues for further analysis.

Original language	English
Title of host publication	2014 World Symposium on Computer Applications and Research (WSCAR)
Publisher	Institute of Electrical and Electronics Engineers Inc.
Number of pages	6
ISBN (Electronic)	9781479928064
ISBN (Print)	9781479928057
DOIs	https://doi.org/10.1109/WSCAR.2014.6916806
Publication status	Published - 20 Jan 2014
Event	Computer Applications & Research (WSCAR), 2014 World Symposium on - Tunisia, Sousse, Tunisia Duration: 18 Jan 2014 → 20 Jan 2014

Conference

Conference	Computer Applications & Research (WSCAR), 2014 World Symposium on
Country/Territory	Tunisia
City	Sousse
Period	18/01/2014 → 20/01/2014

Access to Document

10.1109/WSCAR.2014.6916806

14 Citations
1 Article

Obfuscation: The Hidden Malware
O'Kane, P., Sezer, S. & McLaughlin, K., Oct 2011, In: IEEE Security & Privacy Magazine. 9, 5, p. 41-47 7 p., 12267650.
Research output: Contribution to journal › Article › peer-review
174 Citations (Scopus)

Cite this

@inproceedings{2eb156107d2c4b6a8a9b2084b4f5f688,

title = "N-gram density based malware detection",

abstract = "N-gram analysis is an approach that investigates the structure of a program using bytes, characters or text strings. This research uses dynamic analysis to investigate malware detection using a classification approach based on N-gram analysis. The motivation for this research is to find a subset of Ngram features that makes a robust indicator of malware. The experiments within this paper represent programs as N-gram density histograms, gained through dynamic analysis. A Support Vector Machine (SVM) is used as the program classifier to determine the ability of N-grams to correctly determine the presence of malicious software. The preliminary findings show that an N-gram size N=3 and N=4 present the best avenues for further analysis. ",

author = "Philip O'Kane and Sakir Sezer and Kieran McLaughlin",

year = "2014",

month = jan,

day = "20",

doi = "10.1109/WSCAR.2014.6916806",

language = "English",

isbn = "9781479928057",

booktitle = "2014 World Symposium on Computer Applications and Research (WSCAR)",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

note = "Computer Applications & Research (WSCAR), 2014 World Symposium on ; Conference date: 18-01-2014 Through 20-01-2014",

}

TY - GEN

T1 - N-gram density based malware detection

AU - O'Kane, Philip

AU - Sezer, Sakir

AU - McLaughlin, Kieran

PY - 2014/1/20

Y1 - 2014/1/20

N2 - N-gram analysis is an approach that investigates the structure of a program using bytes, characters or text strings. This research uses dynamic analysis to investigate malware detection using a classification approach based on N-gram analysis. The motivation for this research is to find a subset of Ngram features that makes a robust indicator of malware. The experiments within this paper represent programs as N-gram density histograms, gained through dynamic analysis. A Support Vector Machine (SVM) is used as the program classifier to determine the ability of N-grams to correctly determine the presence of malicious software. The preliminary findings show that an N-gram size N=3 and N=4 present the best avenues for further analysis.

AB - N-gram analysis is an approach that investigates the structure of a program using bytes, characters or text strings. This research uses dynamic analysis to investigate malware detection using a classification approach based on N-gram analysis. The motivation for this research is to find a subset of Ngram features that makes a robust indicator of malware. The experiments within this paper represent programs as N-gram density histograms, gained through dynamic analysis. A Support Vector Machine (SVM) is used as the program classifier to determine the ability of N-grams to correctly determine the presence of malicious software. The preliminary findings show that an N-gram size N=3 and N=4 present the best avenues for further analysis.

U2 - 10.1109/WSCAR.2014.6916806

DO - 10.1109/WSCAR.2014.6916806

M3 - Conference contribution

SN - 9781479928057

BT - 2014 World Symposium on Computer Applications and Research (WSCAR)

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - Computer Applications & Research (WSCAR), 2014 World Symposium on

Y2 - 18 January 2014 through 20 January 2014

ER -

N-gram density based malware detection

Abstract

Conference

Access to Document

Fingerprint

Research output

Obfuscation: The Hidden Malware

Cite this