DYNAMIC ANALYSIS OF MALWARE USING DECISION TREES

Ravinder R. Ravula, Chien-Chung Chan, Kathy J. Liszka

2011

Abstract

Detecting new and unknown malware is a major challenge in today's software security profession. Most existing work on malware detection is based on static features of malware. In this work, we applied a reverse engineering process to extract static and behavioural features from malware. Two data sets are created, one based on reversed features and one on API Call features. Essential features are identified by applying Weka's J48 decision tree classifier to 582 malware and 521 benign software samples collected from the Internet. The performance of the decision tree and Naïve Bayes classifiers is evaluated by 5-fold cross validation with 80-20 splits of the training sets. Experimental results show that the Naïve Bayes classifier has better performance on the smaller data set with 12 reversed features, while J48 has better performance on the data set created from the API Call data with 141 features.

Paper Citation


in Harvard Style

Ravula R. R., Chan C. and Liszka K. J. (2011). DYNAMIC ANALYSIS OF MALWARE USING DECISION TREES. In Proceedings of the International Conference on Knowledge Discovery and Information Retrieval - Volume 1: KDIR, (IC3K 2011) ISBN 978-989-8425-79-9, pages 74-83. DOI: 10.5220/0003660200740083

in Bibtex Style

@conference{kdir11,
author={Ravinder R. Ravula and Chien-Chung Chan and Kathy J. Liszka},
title={DYNAMIC ANALYSIS OF MALWARE USING DECISION TREES},
booktitle={Proceedings of the International Conference on Knowledge Discovery and Information Retrieval - Volume 1: KDIR, (IC3K 2011)},
year={2011},
pages={74-83},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003660200740083},
isbn={978-989-8425-79-9},
}

in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Knowledge Discovery and Information Retrieval - Volume 1: KDIR, (IC3K 2011)
TI - DYNAMIC ANALYSIS OF MALWARE USING DECISION TREES
SN - 978-989-8425-79-9
AU - Ravula, R. R.
AU - Chan, C.
AU - Liszka, K. J.
PY - 2011
SP - 74
EP - 83
DO - 10.5220/0003660200740083