SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection

Philip O'Kane, Sakir Sezer, Kieran McLaughlin, Eul Gyu Im

Research output: Contribution to journalArticlepeer-review

43 Citations (Scopus)
493 Downloads (Pure)


N-gram analysis is an approach that investigates the structure of a program using bytes, characters, or text strings. A key issue with N-gram analysis is feature selection amidst the explosion of features that occurs when N is increased. The experiments within this paper represent programs as operational code (opcode) density histograms gained through dynamic analysis. A support vector machine is used to create a reference model, which is used to evaluate two methods of feature reduction, which are 'area of intersect' and 'subspace analysis using eigenvectors.' The findings show that the relationships between features are complex and simple statistics filtering approaches do not provide a viable approach. However, eigenvector subspace analysis produces a suitable filter.
Original languageEnglish
Pages (from-to)500-509
JournalIEEE Transactions on Information Forensics and Security
Issue number3
Early online date25 Jan 2013
Publication statusPublished - Mar 2013


  • Obfuscation, Packers, Polymorphism, Metamorphism Malware, KNN, SVM


Dive into the research topics of 'SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection'. Together they form a unique fingerprint.

Cite this