
2016 | OriginalPaper | Chapter

Malware Detection Using Higher Order Statistical Parameters

Authors: Easwaramoorthy Arul, Venugopal Manikandan

Published in: Digital Connectivity – Social Impact

Publisher: Springer Nature Singapore


Abstract

Malware plays a major role in degrading system performance and in stealing information from the victim system. Most malware writers reach the victim system through the internet, infected browsers, injected files, memory devices, etc.; highly obscured malware evades the automated tools installed on the victim. Once the victim system is infected, its executable processes are controlled by the malware. In this paper, an algorithm has been developed to identify malware using image processing. The malware detection process has three phases. In the first phase, the files (.exe) are converted into a gray scale image: the binary values of each file are converted into 8-bit gray scale intensity values. In the second phase, the band pass frequency of the gray scale image is computed. In the final phase, third and fourth order statistical parameters, namely skewness and kurtosis, are calculated for each sub-region of the band pass frequency image. The region that has the highest skewness and kurtosis value is marked as the malware file. The detection performance of the proposed method has been evaluated using 1300 portable executable files. The detection method has a true positive ratio of 93.33% with 0.1 false positives. Preliminary results indicate that the proposed algorithm is better than other conventional malware detection methods.
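The three phases described in the abstract can be sketched as follows. This is an added example, not the authors' code. The row width, block size, the difference-of-box-blurs band-pass filter, the ranking rule and all function names are assumptions, since the abstract does not specify them.

```python
def bytes_to_image(data, width=16):
    # Phase 1: each byte is one 8-bit gray pixel, laid out in fixed-width rows.
    return [list(data[i:i + width]) for i in range(0, len(data) - width + 1, width)]

def box_blur(img, r):
    # Mean filter over a (2r+1)^2 window, clamped at the image border.
    h, w = len(img), len(img[0])
    out = []
    for y in range(h):
        row = []
        for x in range(w):
            win = [img[j][i] for j in range(max(0, y - r), min(h, y + r + 1))
                             for i in range(max(0, x - r), min(w, x + r + 1))]
            row.append(sum(win) / len(win))
        out.append(row)
    return out

def band_pass(img, r_small=1, r_large=3):
    # Phase 2 (assumed filter): difference of two blurs keeps mid frequencies.
    a, b = box_blur(img, r_small), box_blur(img, r_large)
    return [[p - q for p, q in zip(ra, rb)] for ra, rb in zip(a, b)]

def skew_kurt(vals):
    # Third and fourth standardized moments; a flat region yields (0.0, 0.0).
    n = len(vals)
    mean = sum(vals) / n
    m2 = sum((v - mean) ** 2 for v in vals) / n
    if m2 == 0:
        return 0.0, 0.0
    m3 = sum((v - mean) ** 3 for v in vals) / n
    m4 = sum((v - mean) ** 4 for v in vals) / n
    return m3 / m2 ** 1.5, m4 / m2 ** 2

def region_stats(img, block=8):
    # Phase 3: skewness and kurtosis for each block x block sub-region.
    stats = {}
    for by in range(0, len(img) - block + 1, block):
        for bx in range(0, len(img[0]) - block + 1, block):
            vals = [img[y][x] for y in range(by, by + block) for x in range(bx, bx + block)]
            stats[(by, bx)] = skew_kurt(vals)
    return stats

def most_anomalous(stats):
    # Assumed ranking: highest kurtosis first, skewness as tie-breaker.
    return max(stats, key=lambda k: (stats[k][1], stats[k][0]))

# Constructed 256-byte buffer (not a real PE file): flat data, one outlier byte.
SAMPLE = bytearray(256)
SAMPLE[11 * 16 + 12] = 0xFF
STATS = region_stats(band_pass(bytes_to_image(SAMPLE)))
```

On the constructed buffer, only the sub-region containing the outlier byte has non-zero moments, so it is the one flagged; on real files the block size and filter radii would need tuning against labelled samples.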


Metadata
Title: Malware Detection Using Higher Order Statistical Parameters
Authors: Easwaramoorthy Arul, Venugopal Manikandan
Copyright Year: 2016
Publisher: Springer Nature Singapore
DOI: https://doi.org/10.1007/978-981-10-3274-5_4
