Malware Classification Approach Based on Valid Window and Naive Bayes

Zhu Kenan; Yin Baolin; Mao Yaming; Hu Yingnan

Journal of Computer Research and Development > 2014 > 51(2): 373-381.

Zhu Kenan, Yin Baolin, Mao Yaming, Hu Yingnan. Malware Classification Approach Based on Valid Window and Naive Bayes[J]. Journal of Computer Research and Development, 2014, 51(2): 373-381.

Citation:

Zhu Kenan, Yin Baolin, Mao Yaming, Hu Yingnan. Malware Classification Approach Based on Valid Window and Naive Bayes[J]. Journal of Computer Research and Development, 2014, 51(2): 373-381.

Citation:

Zhu Kenan, Yin Baolin, Mao Yaming, Hu Yingnan. Malware Classification Approach Based on Valid Window and Naive Bayes[J]. Journal of Computer Research and Development, 2014, 51(2): 373-381.

PDF (1683 KB)

Malware Classification Approach Based on Valid Window and Naive Bayes

1(CNPC Information Technology Service Center, Beijing 100007) 2(School of Computer Science, Beihang University, Beijing 100191) 3(HSE Information Center, CNPC Research Institute of Safety and Environment Technology, Beijing 102206)

More Information

Published Date: February 14, 2014

Graphical Abstract

Abstract

Abstract

Malware classification is the key problem in the field of malicious code analysis and intrusion detection. Existing malware classification approaches have low efficiency and poor accuracy because the raw behavior analysis data is large-scale with high noise data and interfered by random factors. To solve the above issues, taking the malware behavior reports as raw data, this paper analyzes the malware behavior characteristics, the operation similarity, the interference situation of random factors and noisy behavior data. Then it proposes a parameter valid window model for system call which improves the ability of operation sequence to describe behavior similarity. On this basis, the paper presents a malware classification approach based on naive Bayes machine learning model and parameter valid window. Moreover, an automatic malware behavior classifier prototype called MalwareFilter is designed and implemented in this paper. In case study, we evaluate the prototype using system call sequence reports generated through true malware. The experiment results show that our approach is effective, and the performance and accuracy of training and classification are improved through parameter valid window.
- malware,
- behavior classification,
- naive Bayes,
- machine learning,
- intrusion detection,
- behavior characteristic,
- operation similarity

FullText(HTML)

References (0)

[1]	Pang Tao, Duan Zhenhua. Symbolic Model Checking of WISHBONE on-Chip Bus[J]. Journal of Computer Research and Development, 2014, 51(12): 2759-2771. DOI: 10.7544/issn1000-1239.2014.20131164
[2]	Zhou Hang, Huang Zhiqiu, Zhu Yi, Xia Liang, Liu Linyuan. Real-Time Systems Contact Checking and Resolution Based on Time Petri Net[J]. Journal of Computer Research and Development, 2012, 49(2): 413-420.
[3]	Wang Yongji, Wu Jingzheng, Ding Liping, Zeng Haitao. Detecion Approach for Covert Channel Based on Concurrency Conflict Interval Time[J]. Journal of Computer Research and Development, 2011, 48(8): 1542-1553.
[4]	Liu Li, Chen Mingyu, Bao Yungang, Xu Jianwei, Fan Jianping. A Stream Checking and Prefetching Algorithm Based on Page Level Stream Buffer Architecture[J]. Journal of Computer Research and Development, 2009, 46(10): 1758-1767.
[5]	Jiang Hua, Li Xiang. Model Checking for Mobile Ambients[J]. Journal of Computer Research and Development, 2009, 46(10): 1750-1757.
[6]	Gong Rui, Chen Wei, Liu Fang, Dai Kui, and Wang Zhiying. Control Flow Checking and Recovering by Compiler Signatures and Hardware Checking[J]. Journal of Computer Research and Development, 2009, 46(2): 345-351.
[7]	Zhang Junhua, Huang Zhiqiu, and Cao Zining. Counterexample Generation for Probabilistic Timed Automata Model Checking[J]. Journal of Computer Research and Development, 2008, 45(10): 1638-1645.
[8]	Zhao Mingfeng, Song Wen, Yang Yixian. Confusion Detection Based on Petri-Net[J]. Journal of Computer Research and Development, 2008, 45(10): 1631-1637.
[9]	Huang Weiping. Program Restructuring to Improve Efficiency of Software Model Checking[J]. Journal of Computer Research and Development, 2008, 45(8): 1417-1422.
[10]	He Jian, Qin Zheng. Modeling and Checking the Behavior of Software Architecture[J]. Journal of Computer Research and Development, 2005, 42(11): 2018-2024.