SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection

Philip O'Kane; Sakir Sezer; Kieran McLaughlin; Eul Gyu Im

doi:10.1109/TIFS.2013.2242890

SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection

Philip O'Kane, Sakir Sezer, Kieran McLaughlin, Eul Gyu Im

Research output: Contribution to journal › Article › peer-review

37 Citations (Scopus)

396 Downloads (Pure)

Abstract

N-gram analysis is an approach that investigates the structure of a program using bytes, characters, or text strings. A key issue with N-gram analysis is feature selection amidst the explosion of features that occurs when N is increased. The experiments within this paper represent programs as operational code (opcode) density histograms gained through dynamic analysis. A support vector machine is used to create a reference model, which is used to evaluate two methods of feature reduction, which are 'area of intersect' and 'subspace analysis using eigenvectors.' The findings show that the relationships between features are complex and simple statistics filtering approaches do not provide a viable approach. However, eigenvector subspace analysis produces a suitable filter.

Original language	English
Pages (from-to)	500-509
Journal	IEEE Transactions on Information Forensics and Security
Volume	8
Issue number	3
Early online date	25 Jan 2013
DOIs	https://doi.org/10.1109/TIFS.2013.2242890
Publication status	Published - Mar 2013

Keywords

Obfuscation, Packers, Polymorphism, Metamorphism Malware, KNN, SVM

Access to Document

10.1109/TIFS.2013.2242890

SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection
Copyright 2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript, 1.19 MB

Fingerprint Dive into the research topics of 'SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection'. Together they form a unique fingerprint.

1 Finished

R1118ECI: Centre for Secure Information Technologies (CSIT)
McCanny, J. V., Cowan, C., Crookes, D., Fusco, V., Linton, D., Liu, W., Miller, P., O'Neill, M., Scanlon, W. & Sezer, S.
01/08/2009 → 30/06/2014
Project: Research

Cite this

@article{f382a397cfa6439ab2e5f20a41bfafe3,

title = "SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection",

abstract = "N-gram analysis is an approach that investigates the structure of a program using bytes, characters, or text strings. A key issue with N-gram analysis is feature selection amidst the explosion of features that occurs when N is increased. The experiments within this paper represent programs as operational code (opcode) density histograms gained through dynamic analysis. A support vector machine is used to create a reference model, which is used to evaluate two methods of feature reduction, which are 'area of intersect' and 'subspace analysis using eigenvectors.' The findings show that the relationships between features are complex and simple statistics filtering approaches do not provide a viable approach. However, eigenvector subspace analysis produces a suitable filter. ",

keywords = "Obfuscation, Packers, Polymorphism, Metamorphism Malware, KNN, SVM",

author = "Philip O'Kane and Sakir Sezer and Kieran McLaughlin and {Gyu Im}, Eul",

year = "2013",

month = mar,

doi = "10.1109/TIFS.2013.2242890",

language = "English",

volume = "8",

pages = "500--509",

journal = "IEEE Transactions on Information Forensics and Security",

issn = "1556-6013",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection

AU - O'Kane, Philip

AU - Sezer, Sakir

AU - McLaughlin, Kieran

AU - Gyu Im, Eul

PY - 2013/3

Y1 - 2013/3

N2 - N-gram analysis is an approach that investigates the structure of a program using bytes, characters, or text strings. A key issue with N-gram analysis is feature selection amidst the explosion of features that occurs when N is increased. The experiments within this paper represent programs as operational code (opcode) density histograms gained through dynamic analysis. A support vector machine is used to create a reference model, which is used to evaluate two methods of feature reduction, which are 'area of intersect' and 'subspace analysis using eigenvectors.' The findings show that the relationships between features are complex and simple statistics filtering approaches do not provide a viable approach. However, eigenvector subspace analysis produces a suitable filter.

AB - N-gram analysis is an approach that investigates the structure of a program using bytes, characters, or text strings. A key issue with N-gram analysis is feature selection amidst the explosion of features that occurs when N is increased. The experiments within this paper represent programs as operational code (opcode) density histograms gained through dynamic analysis. A support vector machine is used to create a reference model, which is used to evaluate two methods of feature reduction, which are 'area of intersect' and 'subspace analysis using eigenvectors.' The findings show that the relationships between features are complex and simple statistics filtering approaches do not provide a viable approach. However, eigenvector subspace analysis produces a suitable filter.

KW - Obfuscation, Packers, Polymorphism, Metamorphism Malware, KNN, SVM

U2 - 10.1109/TIFS.2013.2242890

DO - 10.1109/TIFS.2013.2242890

M3 - Article

VL - 8

SP - 500

EP - 509

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

SN - 1556-6013

IS - 3

ER -

SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection

Abstract

Keywords

Access to Document

R1118ECI: Centre for Secure Information Technologies (CSIT)

Cite this