Automated malware recognition method based on local neighborhood binary pattern
Turker Tuncer (1), Fatih Ertam (1), Sengul Dogan (1)
Received: 2 July 2019 / Revised: 17 June 2020 / Accepted: 16 July 2020
© Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract
Malware recognition has been widely studied in the literature. Byte code based methods are one family of malware recognition methods. These methods generally use image processing and machine learning together to recognize malware. In this article, a novel byte code based malware recognition method is presented. It consists of feature extraction using the proposed local neighborhood binary pattern (LNBP), feature concatenation, feature selection with neighborhood component analysis (NCA), feature reduction using principal component analysis (PCA), and classification using linear discriminant analysis. A heterogeneous and widely used byte-based malware dataset (Malimg) was chosen to evaluate the performance of the proposed LNBP based recognition method. The best accuracy rate was equal to 89.40%. The proposed LNBP based method was also compared to state-of-the-art deep learning methods, and it achieved a higher success rate than them. These results clearly demonstrate the success of the proposed LNBP based method.
Keywords: LNBP · Malware recognition · Machine learning · Grayscale image processing · Cyber security
(1) Department of Digital Forensics Engineering, Technology Faculty, Firat University, Elazig, Turkey
Multimedia Tools and Applications
1 Introduction
1.1 Background
Recently, the number of cyber-attacks that affect critical systems such as energy, transportation, banking, and defense has started to increase [20, 21]. Malware is widely used in attacks against such critical systems. Malware detection is an essential part of information security [6]. Malware attacks target various systems, and their aims include advertising, spreading spam, detecting user activity, and making systems accessible. In particular, an Advanced Persistent Threat (APT) can reveal confidential information about individuals and even countries [9]. Using only antivirus software is not enough to deal with malware. Malware-infected systems can be accessed remotely via trojans or backdoors, and the victim system can be used by attackers [32].
Terms such as worm, virus, and trojan are used to classify examples of malware that exhibit similar malicious behavior. The first examples of malware were viruses. Today we have a wide range of malicious software examples. Malware is continually being updated. The motivation for the creators of such malware was often to highlight some vulnerabilities or just to reveal their technical capabilities. As time went by, the motivations changed. Today, there is a thriving economy based on malware [23, 37]. An approach that cannot detect unknown threats also cannot detect specially adapted malware. The most well-known Interne